On Thu, 4 Sep 2008, Tom Eastep wrote:
>> - I do not understand well what the 'set name' means (the SSHA) ...
> It is the name of a set of counters and is only meaningful if you have more
> than one Limit rule. Limit rules that share the same set name share the same
> set of counters.
OK.
The technique is called 'Limiting Per-IP Connection Rate'. From this
I understand the limit (e.g. max 3 per minute) is applied independently
for different incoming IPs. Is that correct?
Is the 'set of counters' for a given minute, the array of SSH-access
requesting IP-addresses with their number of trials recorded so far in
the minute?
- Someone else on the mailing list reported the use of the 'RATE LIMIT'
optional field in a rules line, e.g.:
SSH/ACCEPT net $FW - - - - 1/min:2
> "You should replace the third line with that new rule. You probably also
> want to replace the fourth rule as well."
- To enable Limits, an original line as below
ACCEPT net serv tcp 22
is replaced by
Limit:info:SSHA,3,60 net serv tcp 22
So, was this RATE LIMIT field introduced to enable a combination of
rule syntax using macros, such as SSH/ACCEPT in the Action field
with a Limit Action?
- It is not clear to me what the 'burst' parameter means in the
[-|rate/{sec/min}[:burst] man page description (note: a ] too short..)
Thanks for your help!
Pieter
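Added example (my own toy model, not Shorewall code and not from this thread) contrasting the two mechanisms the questions above are about: a named Limit set such as SSHA,3,60 versus a rate/min:burst field such as 1/min:2. It assumes the Limit set is a per-source sliding window of `count` hits in `seconds`, and that the RATE LIMIT field is one token bucket shared by every source the rule matches; both mappings and the client addresses are assumptions, not facts stated in the thread.

```python
from collections import defaultdict, deque
# Assumed model (not from the thread): the Limit action's set is a per-source
# sliding window; the RATE LIMIT field is one token bucket shared by all sources.
class LimitSet:
    """One named set of per-IP counters, e.g. SSHA with count=3, seconds=60."""
    def __init__(self, count, seconds):
        self.count, self.seconds = count, seconds
        self.hits = defaultdict(deque)  # source IP -> timestamps of recent hits

    def allow(self, src, now):
        window = self.hits[src]
        while window and now - window[0] >= self.seconds:
            window.popleft()            # forget hits older than the window
        if len(window) >= self.count:
            return False                # this source already used its quota
        window.append(now)
        return True

class RateLimit:
    """Shared token bucket for a rate/min:burst field such as 1/min:2."""
    def __init__(self, rate_per_min, burst):
        self.interval = 60.0 / rate_per_min   # seconds needed to earn one token
        self.burst = burst                    # bucket capacity (the :burst value)
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) / self.interval)
        self.last = now
        if self.tokens < 1:
            return False                      # bucket empty: drop regardless of source
        self.tokens -= 1
        return True

def simulate_limit(events, count=3, seconds=60):
    """events: (t_seconds, src_ip) pairs; returns accept decisions per event."""
    s = LimitSet(count, seconds)
    return [s.allow(ip, t) for t, ip in events]

def simulate_rate(events, rate_per_min=1, burst=2):
    r = RateLimit(rate_per_min, burst)
    return [r.allow(t) for t, _ in events]

# Constructed sample: two clients attempt SSH during the same minute.
EVENTS = [(0, "10.0.0.1"), (5, "10.0.0.2"), (10, "10.0.0.1"), (20, "10.0.0.1"),
          (30, "10.0.0.1"), (40, "10.0.0.2"), (61, "10.0.0.1")]

if __name__ == "__main__":
    print("Limit SSHA,3,60:", simulate_limit(EVENTS))
    print("RATE LIMIT 1/min:2:", simulate_rate(EVENTS))
```

In the sample run the per-IP set only refuses 10.0.0.1's fourth attempt inside the minute, whereas the shared bucket also refuses 10.0.0.2's second attempt because the other client drained the tokens.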
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users