Use hashlimit match for high flow-limits
The recent match allows using only small packet counts (20 or under) due to memory requirements (each recent packet’s timestamp is recorded). While this gives a perfectly accurate flow limit, it does not allow high rate limits, which are practical for DoS prevention.
awall should automatically turn high rate limits to use hashlimit, which uses quantum-based non-exact limiting.
(from redmine: issue id 1583, created on 2013-01-24, closed on 2013-02-08)
- Changesets:
  - Revision 57aa0ad0 by Kaarle Ritvanen on 2013-01-30T09:12:40Z:
    handle limit counts greater than max packet count for xt_recent
    fixes #1583
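
The switch requested above, sketched as an added example (this is not awall's code and not part of the issue or the changeset): a shell function that prints iptables rule arguments, using the recent match for small counts and hashlimit above the threshold. The function name `limit_rules`, the rule-set names, the conntrack NEW filter and the choice of burst equal to the count are assumptions; the threshold of 20 is the figure given in the issue text.

```shell
#!/bin/sh
# Added example, not awall's code. It only prints rule arguments and never
# calls iptables, so it runs without root.

# Threshold taken from the issue text: recent handles counts of 20 or under.
RECENT_MAX_COUNT=20

# limit_rules NAME COUNT SECONDS
# Allow at most COUNT new connections per SECONDS from each source address.
limit_rules() {
    name=$1 count=$2 secs=$3

    if [ "$count" -le "$RECENT_MAX_COUNT" ]; then
        # Exact window: xt_recent stores one timestamp per counted packet.
        echo "-m conntrack --ctstate NEW -m recent --name $name --rcheck --seconds $secs --hitcount $count -j DROP"
        echo "-m conntrack --ctstate NEW -m recent --name $name --set -j ACCEPT"
        return 0
    fi

    # hashlimit takes a whole number per unit, so pick the smallest unit
    # in which COUNT/SECONDS is an integer.
    rate=
    for unit in second:1 minute:60 hour:3600 day:86400; do
        per=$(( count * ${unit#*:} ))
        if [ $(( per % secs )) -eq 0 ]; then
            rate="$(( per / secs ))/${unit%%:*}"
            break
        fi
    done
    if [ -z "$rate" ]; then
        echo "limit_rules: $count per ${secs}s has no whole-number rate" >&2
        return 1
    fi

    # Token bucket per source address: approximate, but memory use does not
    # grow with COUNT. Burst = COUNT is an assumption of this example.
    echo "-m conntrack --ctstate NEW -m hashlimit --hashlimit-name $name --hashlimit-mode srcip --hashlimit-upto $rate --hashlimit-burst $count -j ACCEPT"
    echo "-m conntrack --ctstate NEW -j DROP"
}

limit_rules ssh 10 60     # small count: recent match
limit_rules http 600 60   # large count: hashlimit at 10/second
```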