add limit description

1 files changed, 16 insertions, 0 deletions

diff --git a/userspace/ebtables2/ebtables.8 b/userspace/ebtables2/ebtables.8
index e9ee66f..43dcf57 100644
--- a/userspace/ebtables2/ebtables.8
+++ b/userspace/ebtables2/ebtables.8
@@ -556,6 +556,22 @@ The destination port or port range for ip protocols 6 (TCP) and
 17 (UDP). The flag
 .B --ip-dport
 is an alias for this option.
+.SS limit
+Matches at a limited rate using a token bucket filter. A rule using
+this extension will match until this limit is reached (unless the '!'
+flag is used). It can be used in combination with the log watcher to
+give limited logging, for example. The usage/implementation is completely
+similar to that of the iptables limit match.
+.TP
+.BR --limit " \fIrate"
+Maximum average matching rate: specified as a number, with an optional
+'/second', '/minute', '/hour', or '/day' suffix; the default is 3/hour.
+.TP
+.BR --limit-burst " \fInumber"
+Maximum initial number of packets to match: this number gets recharged by
+one every time the limit specified above is not reached, up to this number;
+the default is 5.
+
 .SS mark_m
 .TP
 .BR "--mark " "[!] [\fIvalue\fP][/\fImask\fP]"