1 files changed, 16 insertions, 0 deletions
@@ -556,6 +556,22 @@ The destination port or port range for ip protocols 6 (TCP) and
17 (UDP). The flag
is an alias for this option.
+Matches at a limited rate using a token bucket filter. A rule using
+this extension will match until this limit is reached (unless the '!'
+flag is used). It can be used in combination with the log watcher to
+give limited logging, for example. The usage/implementation is completely
+similar to that of the iptables limit match.
+.BR --limit " \fIrate"
+Maximum average matching rate: specified as a number, with an optional
+'/second', '/minute', '/hour', or '/day' suffix; the default is 3/hour.
+.BR --limit-burst " \fInumber"
+Maximum initial number of packets to match: this number gets recharged by
+one every time the limit specified above is not reached, up to this number;
+the default is 5.
.BR "--mark " "[!] [\fIvalue\fP][/\fImask\fP]"
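Review bot: The added description says a rule matches until the limit is reached "unless the '!' flag is used", but neither the `--limit` nor the `--limit-burst` synopsis shows where `[!]` goes, unlike the `--mark` entry right below it. Either add `[!]` to the synopsis of the option that accepts it or drop the parenthetical. The `--limit-burst` text "recharged by one every time the limit specified above is not reached" leaves the recharge interval ambiguous. State that one credit is restored per rate interval (for example once every 20 minutes at the default 3/hour), so that someone using this to throttle the log watcher can work out how many entries a burst can produce. "completely similar to that of the iptables limit match" would read better as "the same as the iptables limit match", if that is what is meant.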