On Thu, 30 Dec 2004, Dario Lesca wrote:

> On Thu, 2004-12-30 at 14:30, Steven Stern wrote:
> > On Thu, 30 Dec 2004 21:19:35 +0800, chi <chi@xxxxxxxxxxxxxxxxxx> wrote:
> > > I did three things.
> > ...
> > .. and via iptables?
>
> is it possible to allow only 2 or 3 accesses every 5/10 minutes with the
> --limit-burst option?

you're being kind of vague here. is it 2 or 3? is it every 5 or 10 minutes?

once upon a time, i figured out how the whole "--limit" and "--limit-burst" thing worked, and the man page really makes it more complicated than it has to be. consider an example involving both of:

  --limit 5/minute --limit-burst 10

think of the above as follows: you start with a bucket (for you statisticians, that would be an "urn") with 10 tokens. every time you get an arrival that you're limiting, you pay for it with a token out of the urn. 5 times per minute (every 12 seconds), a token is dropped into the bucket for you to regularly replenish your supply. but the limit-burst means you are never allowed to hold more than 10 tokens at a time.

so how does a burst affect this? if you suddenly get whacked hard with lots of packets, you have enough tokens to allow the first 10, after which you reject all the rest except for one every 12 seconds, when you get a new token in the urn, and you use that new token almost immediately if you're getting lots of traffic. only when things slow down do you get the chance to start gradually building up your stock of tokens in the urn (again, up to a maximum of 10).

rday

p.s. hmmm ... i just checked the iptables man page and, strangely, it seems to follow the above explanation a lot more closely than it used to. how odd.
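The token-bucket explanation above, worked through in code. This is an added example, not part of the mailing-list message or of iptables itself: a small Python model of a `-m limit --limit RATE --limit-burst N` rule that starts with a full bucket of N tokens, charges one token per matched packet, refills at RATE, and fails to match when the bucket is empty (so a following DROP rule catches the packet). It then pushes a constructed packet flood through `--limit 5/minute --limit-burst 10` to show the behaviour described: the first 10 packets pass, one more gets through roughly every 12 seconds, and the bucket only refills to 10 after the traffic stops. The continuous refill, the requirement that the rate carry a unit suffix, the `flood_scenario` timestamps and the SSH/`--syn` rule pair rendered by `iptables_rules` are all assumptions of this model, not claims about the kernel's exact credit arithmetic.

```python
"""Token-bucket model of iptables' `-m limit --limit RATE --limit-burst N`.

Added example (not from the mailing-list post, not kernel code). It models
the algorithm as described in the thread; the real module uses fixed-point
credits, so exact boundary behaviour there may differ slightly.
"""

# Seconds per unit for the suffixes iptables accepts on --limit.
_UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_rate(rate: str) -> float:
    """Return the refill interval in seconds for a rate such as '5/minute'.

    '5/minute' -> 12.0 (one token every 12 s). Assumption of this model:
    the unit suffix is required; it may be abbreviated ('5/min').
    """
    count_str, sep, unit = rate.partition("/")
    if not sep or not unit:
        raise ValueError(f"rate needs a unit suffix, e.g. '5/minute': {rate!r}")
    count = int(count_str)
    if count <= 0:
        raise ValueError(f"rate must be positive: {rate!r}")
    matches = [u for u in _UNIT_SECONDS if u.startswith(unit.lower())]
    if len(matches) != 1:
        raise ValueError(f"unknown rate unit: {unit!r}")
    return _UNIT_SECONDS[matches[0]] / count


class LimitMatch:
    """State of one `-m limit` rule: a bucket of `burst` tokens, refilled
    continuously at one token per `refill_interval` seconds."""

    def __init__(self, refill_interval: float, burst: int = 5):
        self.refill_interval = refill_interval
        self.burst = burst            # iptables' --limit-burst default is 5
        self.tokens = float(burst)    # the bucket starts full
        self.last_seen = 0.0          # timestamps are seconds since rule install

    def matches(self, now: float) -> bool:
        """True if a packet arriving at `now` matches (arrivals must be in order)."""
        # Credit tokens earned since the previous packet, never above `burst`.
        earned = (now - self.last_seen) / self.refill_interval
        self.tokens = min(float(self.burst), self.tokens + earned)
        self.last_seen = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0        # pay for this packet
            return True
        return False                  # bucket empty: packet falls through


def simulate(rate: str, burst: int, arrivals):
    """Run ordered arrival timestamps through one rule; return per-packet results."""
    rule = LimitMatch(parse_rate(rate), burst)
    return [rule.matches(t) for t in arrivals]


def iptables_rules(rate: str, burst: int, port: int = 22):
    """The rule pair this model stands for. Assumed: INPUT chain, TCP `port`,
    counting only new connections (--syn) so established flows are not charged."""
    match = f"-A INPUT -p tcp --dport {port} --syn"
    return [
        f"iptables {match} -m limit --limit {rate} --limit-burst {burst} -j ACCEPT",
        f"iptables {match} -j DROP",
    ]


def flood_scenario():
    """Constructed traffic against --limit 5/minute --limit-burst 10:
    100 packets in the first second, three stragglers, then 50 more after
    a long lull. Returns how many matched in each phase."""
    flood1 = [i * 0.01 for i in range(100)]          # t = 0.00 .. 0.99 s
    stragglers = [13.0, 13.5, 25.0]                  # ~one token per 12 s
    flood2 = [200.0 + i * 0.001 for i in range(50)]  # bucket is full again
    results = simulate("5/minute", 10, flood1 + stragglers + flood2)
    n1, n2 = len(flood1), len(stragglers)
    return {
        "flood1_accepted": sum(results[:n1]),        # 10 of 100
        "stragglers": results[n1:n1 + n2],           # [True, False, True]
        "flood2_accepted": sum(results[n1 + n2:]),   # 10 of 50
    }


if __name__ == "__main__":
    print(flood_scenario())
    print("\n".join(iptables_rules("5/minute", 10)))
```

Two things the model makes visible that the prose does not: the straggler at t=13.5 is dropped because the single token earned since t=13.0 is only half paid for, and nothing in `-m limit` distinguishes sources, so one noisy host spends the whole bucket for everyone (the per-source variant is `-m hashlimit`, not shown here).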