summaryrefslogtreecommitdiffstats
path: root/extensions/libipt_hashlimit.man
diff options
context:
space:
mode:
authorJonas Berlin <xkr47@outerspace.dyndns.org>2005-04-01 06:54:23 +0000
committerHarald Welte <laforge@gnumonks.org>2005-04-01 06:54:23 +0000
commitf33c46140f0e0a230aba5d739ce40cb14e066b13 (patch)
treee0d8b16f1fe5c33ce1bc2a0e2ab9a68f2e54f96c /extensions/libipt_hashlimit.man
parent4a06cf0bd2f5e18eb0149945724b0b4299eec5ea (diff)
add lots of man pages (Jonas Berlin)
Diffstat (limited to 'extensions/libipt_hashlimit.man')
-rw-r--r--extensions/libipt_hashlimit.man35
1 files changed, 35 insertions, 0 deletions
diff --git a/extensions/libipt_hashlimit.man b/extensions/libipt_hashlimit.man
new file mode 100644
index 00000000..1b0a5d44
--- /dev/null
+++ b/extensions/libipt_hashlimit.man
@@ -0,0 +1,35 @@
+This patch adds a new match called 'hashlimit'.
+The idea is to have something like 'limit', but either per
+destination-ip or per (destip,destport) tuple.
+
+It gives you the ability to express
+.IP
+ '1000 packets per second for every host in 192.168.0.0/16'
+.IP
+ '100 packets per second for every service of 192.168.1.1'
+.P
+with a single iptables rule.
+.TP
+.BI "--hashlimit " "rate"
+A rate just like the limit match
+.TP
+.BI "--hashlimit-burst " "num"
+Burst value, just like limit match
+.TP
+.BI "--hashlimit-mode " "destip | destip-destport"
+Limit per IP or per port
+.TP
+.BI "--hashlimit-name " "foo"
+The name for the /proc/net/ipt_hashlimit/foo entry
+.TP
+.BI "--hashlimit-htable-size " "num"
+The number of buckets of the hash table
+.TP
+.BI "--hashlimit-htable-max " "num"
+Maximum entries in the hash
+.TP
+.BI "--hashlimit-htable-expire " "num"
+After how many miliseconds do hash entries expire
+.TP
+.BI "--hashlimit-htable-gcinterval " "num"
+How many miliseconds between garbage collection intervals