Linode Forum
https://forum.linode.com/

Dynamic IP Tables
https://forum.linode.com/viewtopic.php?f=19&t=484
Page 1 of 1

Author:  adamgent [ Sun Nov 16, 2003 10:26 am ]
Post subject:  Dynamic IP Tables

Hi All,

Does anyone know if it is possible, using iptables, to say that if there are more than x ICMP packets in x amount of time, it should start to block ICMP packets?

Adam

Author:  inkblot [ Sun Nov 16, 2003 10:47 am ]
Post subject:  limit module

Yes, there is a module called 'limit' which is documented in the iptables man page.

Quote:
limit
This module matches at a limited rate using a token bucket filter. A rule using this extension will match until
this limit is reached (unless the `!' flag is used). It can be used in combination with the LOG target to give
limited logging, for example.

--limit rate
Maximum average matching rate: specified as a number, with an optional `/second', `/minute', `/hour', or
`/day' suffix; the default is 3/hour.

--limit-burst number
Maximum initial number of packets to match: this number gets recharged by one every time the limit specified
above is not reached, up to this number; the default is 5.
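
One way to apply the limit module to the question asked above, as an added example that is not part of either post: because a limit rule matches only until the rate is reached, ACCEPT goes on the limited rule and a plain DROP follows it to catch the excess. The chain name `ICMP_LIMIT`, the `1/second` rate and the burst of 5 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: rate-limit inbound ICMP with the iptables limit match.
# CHAIN and the default rate/burst are illustrative assumptions.
CHAIN="ICMP_LIMIT"

# Print the rule set for a rate (N/second|minute|hour|day) and a burst,
# one iptables command per line. Returns 1 on malformed input.
icmp_limit_rules() {
    rate="$1"; burst="$2"
    num="${rate%%/*}"; unit="${rate#*/}"
    case "$num" in
        ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    case "$unit" in
        second|minute|hour|day) ;;
        *) echo "bad rate unit: $rate" >&2; return 1 ;;
    esac
    case "$burst" in
        ''|*[!0-9]*) echo "bad burst: $burst" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m limit --limit $rate --limit-burst $burst -j ACCEPT
iptables -A $CHAIN -j DROP
iptables -A INPUT -p icmp -j $CHAIN
EOF
}

# "apply" (as root) installs the rules; any other invocation changes nothing.
# Dry run: call icmp_limit_rules 1/second 5 to review the commands first.
if [ "${1:-}" = "apply" ]; then
    icmp_limit_rules "${2:-1/second}" "${3:-5}" | sh -e
fi
```

The limit match keeps a single token bucket per rule, shared by all senders, so one noisy source can use up the allowance for everyone. Dropping every ICMP type past the limit also drops the error messages used for path MTU discovery, so pick the rate with that in mind.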

All times are UTC-04:00