From 549510a00c5983eb200ab74fe7fc884d28301423 Mon Sep 17 00:00:00 2001 From: Yasuyuki KOZAKAI Date: Thu, 29 Nov 2007 04:35:06 +0000 Subject: Move libipt_hashlimit.man to libxt_hashlimit.man for ip6tables.8 --- extensions/libipt_hashlimit.man | 35 ----------------------------------- extensions/libxt_hashlimit.man | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 35 deletions(-) delete mode 100644 extensions/libipt_hashlimit.man create mode 100644 extensions/libxt_hashlimit.man (limited to 'extensions') diff --git a/extensions/libipt_hashlimit.man b/extensions/libipt_hashlimit.man deleted file mode 100644 index c8128ec1..00000000 --- a/extensions/libipt_hashlimit.man +++ /dev/null @@ -1,35 +0,0 @@ -This patch adds a new match called 'hashlimit'. -The idea is to have something like 'limit', but either per -destination-ip or per (destip,destport) tuple. - -It gives you the ability to express -.IP - '1000 packets per second for every host in 192.168.0.0/16' -.IP - '100 packets per second for every service of 192.168.1.1' -.P -with a single iptables rule. -.TP -.BI "--hashlimit " "rate" -A rate just like the limit match -.TP -.BI "--hashlimit-burst " "num" -Burst value, just like limit match -.TP -.BI "--hashlimit-mode " "dstip,srcip,dstport,srcport" -A comma-separated list of objects to take into consideration -.TP -.BI "--hashlimit-name " "foo" -The name for the /proc/net/ipt_hashlimit/foo entry -.TP -.BI "--hashlimit-htable-size " "num" -The number of buckets of the hash table -.TP -.BI "--hashlimit-htable-max " "num" -Maximum entries in the hash -.TP -.BI "--hashlimit-htable-expire " "num" -After how many miliseconds do hash entries expire -.TP -.BI "--hashlimit-htable-gcinterval " "num" -How many miliseconds between garbage collection intervals diff --git a/extensions/libxt_hashlimit.man b/extensions/libxt_hashlimit.man new file mode 100644 index 00000000..c8128ec1 --- /dev/null +++ b/extensions/libxt_hashlimit.man @@ -0,0 +1,35 @@ +This patch adds a new match called 'hashlimit'. +The idea is to have something like 'limit', but either per +destination-ip or per (destip,destport) tuple. + +It gives you the ability to express +.IP + '1000 packets per second for every host in 192.168.0.0/16' +.IP + '100 packets per second for every service of 192.168.1.1' +.P +with a single iptables rule. +.TP +.BI "--hashlimit " "rate" +A rate just like the limit match +.TP +.BI "--hashlimit-burst " "num" +Burst value, just like limit match +.TP +.BI "--hashlimit-mode " "dstip,srcip,dstport,srcport" +A comma-separated list of objects to take into consideration +.TP +.BI "--hashlimit-name " "foo" +The name for the /proc/net/ipt_hashlimit/foo entry +.TP +.BI "--hashlimit-htable-size " "num" +The number of buckets of the hash table +.TP +.BI "--hashlimit-htable-max " "num" +Maximum entries in the hash +.TP +.BI "--hashlimit-htable-expire " "num" +After how many miliseconds do hash entries expire +.TP +.BI "--hashlimit-htable-gcinterval " "num" +How many miliseconds between garbage collection intervals -- cgit v1.2.3