On Thu, Jan 06, 2011 at 05:28:43PM +0100, Marco Padovan wrote:
> The single bucket is problematic due to how we manage the gameservers, will
> update the status this evening :p

So I came across this in the iptables man page...

----
hashlimit

This patch adds a new match called 'hashlimit'. The idea is to have
something like 'limit', but either per destination-ip or per
(destip,destport) tuple.

It gives you the ability to express
  '1000 packets per second for every host in 192.168.0.0/16'
  '100 packets per second for every service of 192.168.1.1'
with a single iptables rule.
----

So you can use hashlimit for a 20 pps for each port solution, still with
just a single rule.

iptables -m hashlimit --hashlimit 20/s --hashlimit-mode destip-destport

(might also need --hashlimit-htable-size/max/, not sure...)

Regards
frostschutz
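
The difference between a single shared bucket and one bucket per (destination IP, destination port), as an added example that is not part of the original message: a simplified token-bucket model in Python, not the kernel's hashlimit code. The addresses, ports, traffic pattern and the burst of 5 are constructed assumptions.

```python
"""Simplified model: one shared bucket ('limit') versus one bucket per
(dst ip, dst port) key ('hashlimit'). Illustrative only, not kernel code."""
from collections import defaultdict


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate = rate            # tokens refilled per second
        self.burst = burst          # bucket capacity (assumed 5 here)
        self.tokens = float(burst)  # bucket starts full
        self.last = 0.0             # time of the previous packet

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size,
        # then spend one token if a whole one is available.
        refill = (now - self.last) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(packets, rate, burst, per_key):
    """packets: iterable of (time, dst_ip, dst_port).
    Returns the number of accepted packets per (dst_ip, dst_port)."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    accepted = defaultdict(int)
    for now, ip, port in sorted(packets):
        key = (ip, port) if per_key else "shared"
        if buckets[key].allow(now):
            accepted[(ip, port)] += 1
    return dict(accepted)


def sample_traffic():
    # Constructed one-second capture: port 27015 receives 1000 pps,
    # port 27016 carries an ordinary 10 pps stream on the same host.
    flood = [(i / 1000.0, "192.0.2.10", 27015) for i in range(1000)]
    normal = [(i / 10.0 + 0.025, "192.0.2.10", 27016) for i in range(10)]
    return flood + normal


if __name__ == "__main__":
    for label, per_key in (("shared bucket", False), ("per-port buckets", True)):
        print(label, simulate(sample_traffic(), rate=20, burst=5, per_key=per_key))
```

With the shared bucket the busy port consumes every token and the quiet port gets nothing through; with per-port buckets the quiet port keeps all 10 of its packets while the busy port is still held near 20 pps.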