Commit 085e7784 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

limit packet/connection rate per source IP

parent e516d40f
......@@ -212,7 +212,7 @@ function Filter:extraoptfrags()
if count > RECENT_MAX_COUNT then
ofrags = {
{
opts='-m limit --limit '..count..'/second',
opts='-m hashlimit --hashlimit-upto '..count..'/second --hashlimit-mode srcip --hashlimit-name '..chain,
target=logchain(self.log, 'accept', 'ACCEPT')
},
{target='DROP'}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment