This patch adds a new match called 'hashlimit'.
The idea is to have something like 'limit', but either per
destination-ip or per (destip,destport) tuple.

It gives you the ability to express
.IP
\&'1000 packets per second for every host in 192.168.0.0/16'
.IP
\&'100 packets per second for every service of 192.168.1.1'
.P
with a single iptables rule.
.TP
.BI "--hashlimit " "rate"
A rate, just like the limit match
.TP
.BI "--hashlimit-burst " "num"
Burst value, just like the limit match
.TP
.BI "--hashlimit-mode " "destip | destip-destport"
Limit per destination IP or per (destination IP, destination port) tuple
.TP
.BI "--hashlimit-name " "foo"
The name for the /proc/net/ipt_hashlimit/foo entry
.TP
.BI "--hashlimit-htable-size " "num"
The number of buckets of the hash table
.TP
.BI "--hashlimit-htable-max " "num"
Maximum number of entries in the hash table
.TP
.BI "--hashlimit-htable-expire " "num"
After how many milliseconds hash entries expire
.TP
.BI "--hashlimit-htable-gcinterval " "num"
How many milliseconds between garbage collection intervals
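
The following is an added illustration, not code from the patch or from netfilter: a simplified Python model of how the two modes key their rate limits, with one token bucket per destination IP or per (destination IP, destination port) tuple. The class name, the token-bucket arithmetic, the 10000 ms default expiry and the sample packets are assumptions made for the example; hash table sizing, the entry maximum and the garbage collection interval are not modeled.

```python
# Simplified model of the hashlimit match (added illustration, not the
# netfilter implementation): one token bucket per hash key.

class HashLimit:
    def __init__(self, rate_per_sec, burst, mode="destip", expire_ms=10000):
        if mode not in ("destip", "destip-destport"):
            raise ValueError("mode must be destip or destip-destport")
        self.rate = float(rate_per_sec)    # --hashlimit
        self.burst = float(burst)          # --hashlimit-burst
        self.mode = mode                   # --hashlimit-mode
        self.expire = expire_ms / 1000.0   # --hashlimit-htable-expire
        self.table = {}                    # key -> [tokens, last_seen]

    def _key(self, dst_ip, dst_port):
        # destip: all ports of a host share one bucket.
        # destip-destport: every service of a host gets its own bucket.
        return dst_ip if self.mode == "destip" else (dst_ip, dst_port)

    def match(self, now, dst_ip, dst_port):
        """Return True while this destination is still within its rate."""
        entry = self.table.setdefault(self._key(dst_ip, dst_port),
                                      [self.burst, now])
        # Refill for the elapsed time, capped at the burst value.
        entry[0] = min(self.burst, entry[0] + (now - entry[1]) * self.rate)
        entry[1] = now
        if entry[0] >= 1.0:
            entry[0] -= 1.0
            return True
        return False

    def gc(self, now):
        """Drop entries idle for longer than the expiry; return the count."""
        stale = [k for k, (_, seen) in self.table.items()
                 if now - seen > self.expire]
        for k in stale:
            del self.table[k]
        return len(stale)


def demo(mode):
    # Constructed traffic: (time in seconds, destination IP, destination port)
    packets = [(0.0, "192.168.1.1", 80)] * 3 + [
        (0.0, "192.168.1.1", 22), (0.0, "192.168.1.2", 80),
        (1.0, "192.168.1.1", 80)]
    hl = HashLimit(rate_per_sec=1, burst=2, mode=mode)
    return [hl.match(*p) for p in packets]

if __name__ == "__main__":
    for mode in ("destip", "destip-destport"):
        print(mode, demo(mode))
```

In the model, the packet to port 22 of 192.168.1.1 is refused in destip mode because port 80 already drained the host's bucket, while in destip-destport mode it is accepted from its own bucket.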