First page Back Continue Last page Overview Graphics

Explicit Matches

-m limit –limit-burst
- Used with -m limit --limit
- Takes an integer parameter which specifies how many packets are allowed to “burst” before the limit parameter starts counting
- Recharged by one for every limit measurement period during which no packets are received
- iptables -I INPUT 1 -p 6 –tcp-flags SYN -m limit –limit 30/s –limit-burst 50 -j ACCEPT
- iptables -I INPUT 1 -p 6 –tcp-flags SYN -m limit –limit 30/s –limit-burst 50 -j Evaluate

Notes: