From 68146dad91611bd8d6d12c8ba27219130d99607b Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Wed, 22 Jun 2011 11:18:19 +0200
Subject: libxt_hashlimit: use a more obvious expiry value by default

Due to the previous default expiry of 10 sec, "--hashlimit 1/min"
would allow matching up to 6/min if a properly timed. To do what the
user expects, the minimum expiry must equal the selected time quantum
however.

Cc: Jan Rovner <jan.rovner@diadema.cz>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 tests/options-most.rules | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'tests')

diff --git a/tests/options-most.rules b/tests/options-most.rules
index 2b419e57..7298a1f9 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -87,6 +87,11 @@
 -A matches
 -A matches -p esp -m esp --espspi 5:4294967295
 -A matches
+-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1
+-A matches -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-name mini2
+-A matches -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 1 --hashlimit-name mini3
+-A matches -m hashlimit --hashlimit-upto 1/day --hashlimit-burst 1 --hashlimit-name mini4
+-A matches
 -A matches -m ipvs --vaddr fe80::/64 --vport 1 --vdir REPLY --vmethod GATE --vportctl 21
 -A matches
 -A matches -m length --length 1
-- 
cgit v1.2.3