[email protected] said:
> -A INPUT --protocol udp --dport ntp --match limit --limit 5/min --jump LOG
> --log-level debug --log-prefix "Dropped, NTP ratelimit: "

Will that let through all 8 packets from an iburst?

How much kernel memory will that use on a busy server?

How do things like "--limit 5/min" actually work? Or where are the details described?

Correctly answering "5 within the last minute" requires saving the time stamps for all the packets within the last minute. That is obviously not practical.

I'd guess it's something like the typical exponential backoff:

  X = X + 1 when a packet arrives
  X = X*0.9 each second (with the right value of 0.9 for minute or hour)

I guess it gets garbage collected when the value falls below a threshold.

-- 
These are my opinions. I hate spam.

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
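Added illustration (not part of the message above, and not code from iptables or the NTP project): the netfilter `limit` match is a token bucket, not a sliding window. It keeps one credit counter and one last-seen timestamp per rule, credit accrues with wall-clock time up to `--limit-burst` packets' worth (default 5), and each matching packet spends one packet's worth of credit. The simulation below reproduces that arithmetic in integer microseconds and feeds it the 8 packets of an iburst. The 8-packet count comes from the post; the 2-second spacing between iburst packets is an assumption made for this example.

```python
"""Token-bucket simulation in the style of netfilter's `limit` match.

Added example, not code from the mailing-list post or from iptables.
State is per rule, not per source host, so memory use is constant
regardless of how many clients hit the server.
"""

US_PER_MINUTE = 60 * 1_000_000


class LimitMatch:
    """Parameterised like `-m limit --limit N/min --limit-burst B`."""

    def __init__(self, per_minute: int, burst: int = 5, now_us: int = 0):
        # Credit cost of one packet, expressed in microseconds of elapsed time.
        self.cost = US_PER_MINUTE // per_minute
        # Bucket holds at most `burst` packets' worth and starts full.
        self.cap = burst * self.cost
        self.credit = self.cap
        self.last_us = now_us

    def match(self, now_us: int) -> bool:
        """Return True if a packet arriving at `now_us` matches the rule."""
        elapsed = max(0, now_us - self.last_us)
        self.last_us = now_us
        # Refill with elapsed time, capped at the burst size.
        self.credit = min(self.cap, self.credit + elapsed)
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False


def simulate_iburst(per_minute: int = 5, burst: int = 5,
                    packets: int = 8, spacing_s: float = 2.0) -> list:
    """Run `packets` packets `spacing_s` seconds apart through the limiter.

    8 packets is the iburst count from the post; 2 s spacing is an
    assumption for this example. Returns one bool per packet.
    """
    limiter = LimitMatch(per_minute, burst)
    times = [int(i * spacing_s * 1_000_000) for i in range(packets)]
    return [limiter.match(t) for t in times]


if __name__ == "__main__":
    results = simulate_iburst()
    for i, matched in enumerate(results):
        print(f"packet {i + 1} at t={i * 2:>2}s: "
              f"{'match' if matched else 'no match'}")
    print(f"{sum(results)} of {len(results)} packets matched")
```

With `--limit 5/min` and the default burst of 5, the first five packets match immediately, the sixth is refused, the seventh matches because 12 seconds of credit have accrued by then, and the eighth is refused again. Note that in the quoted rule the match gates only the LOG target, so it bounds how many packets are logged; whether the packets themselves are dropped depends on the rules that follow it, which are not shown.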
