Hello,

I'm trying to get the `limit' match support in iptables/netfilter to be inverted in the sense that it only matches when the limit has been exceeded. For instance, to log a flood:

    iptables -I INPUT -m limit ! --limit 1/s -j LOG

However, for some reason, the `!' flag does not seem to change the behavior of the limit match module, and it continues to match until the limit is exceeded. Does anyone have any ideas or solutions?

Regards,
Alex.

---
PGP/GPG Fingerprint: EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
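
A simplified token-bucket model of the `limit' match, added here as an illustration and not part of the original message. It shows which packets `--limit 1/s` selects and which ones exceed the limit, the set the message wants to log. The burst of 5 is the match's default `--limit-burst`; the function names and the packet timestamps are constructed for this example.

```python
# Simplified model of the netfilter `limit' match as a token bucket.
# Added example: timestamps are constructed, burst=5 is the default
# --limit-burst, and the function names are hypothetical.

def limit_match(timestamps, rate_per_sec=1.0, burst=5):
    """Return one bool per packet: True where `-m limit --limit RATE` matches."""
    tokens = float(burst)   # the bucket starts full
    last = None
    results = []
    for t in timestamps:
        if last is not None:
            # Credit recharges with elapsed time, capped at the burst size.
            tokens = min(float(burst), tokens + (t - last) * rate_per_sec)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0           # a matching packet spends one token
            results.append(True)
        else:
            results.append(False)   # limit exceeded: the match fails
    return results


def over_limit(timestamps, rate_per_sec=1.0, burst=5):
    """Packets an inverted match would select: those exceeding the limit."""
    return [not m for m in limit_match(timestamps, rate_per_sec, burst)]


# Constructed traffic: 10 packets within 0.9 s (a flood), then one at 5 s.
SAMPLE = [i * 0.1 for i in range(10)] + [5.0]

if __name__ == "__main__":
    for t, m in zip(SAMPLE, limit_match(SAMPLE)):
        print(f"t={t:4.1f}s  limit matches: {m!s:5}  over limit: {not m}")
```

In this model the first five packets of the flood match, the next five do not, and the packet at 5 s matches again once the bucket has refilled.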