From c6775d6c192f7e337360f238cc3ab224a406d5b8 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 23 Jul 2010 21:23:05 +0200 Subject: doc: consistent use of markup Signed-off-by: Jan Engelhardt --- extensions/libxt_hashlimit.man | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'extensions/libxt_hashlimit.man') diff --git a/extensions/libxt_hashlimit.man b/extensions/libxt_hashlimit.man index b870f550..e91d0c63 100644 --- a/extensions/libxt_hashlimit.man +++ b/extensions/libxt_hashlimit.man @@ -1,7 +1,7 @@ -\fBhashlimit\fR uses hash buckets to express a rate limiting match (like the -\fBlimit\fR match) for a group of connections using a \fBsingle\fR iptables +\fBhashlimit\fP uses hash buckets to express a rate limiting match (like the +\fBlimit\fP match) for a group of connections using a \fBsingle\fP iptables rule. Grouping can be done per-hostgroup (source and/or destination address) -and/or per-port. It gives you the ability to express "\fIN\fR packets per time +and/or per-port. It gives you the ability to express "\fIN\fP packets per time quantum per group": .TP matching on source host @@ -17,11 +17,11 @@ A hash limit option (\fB\-\-hashlimit\-upto\fP, \fB\-\-hashlimit\-above\fP) and \fB\-\-hashlimit\-name\fP are required. .TP \fB\-\-hashlimit\-upto\fP \fIamount\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP] -Match if the rate is below or equal to \fIamount\fR/quantum. It is specified as +Match if the rate is below or equal to \fIamount\fP/quantum. It is specified as a number, with an optional time quantum suffix; the default is 3/hour. .TP \fB\-\-hashlimit\-above\fP \fIamount\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP] -Match if the rate is above \fIamount\fR/quantum. +Match if the rate is above \fIamount\fP/quantum. .TP \fB\-\-hashlimit\-burst\fP \fIamount\fP Maximum initial number of packets to match: this number gets recharged by one @@ -36,7 +36,7 @@ expensive of doing the hash housekeeping. \fB\-\-hashlimit\-srcmask\fP \fIprefix\fP When \-\-hashlimit\-mode srcip is used, all source addresses encountered will be grouped according to the given prefix length and the so-created subnet will be -subject to hashlimit. \fIprefix\fR must be between (inclusive) 0 and 32. Note +subject to hashlimit. \fIprefix\fP must be between (inclusive) 0 and 32. Note that \-\-hashlimit\-srcmask 0 is basically doing the same thing as not specifying srcip for \-\-hashlimit\-mode, but is technically more expensive. .TP -- cgit v1.2.3