Mailing List Archive

Limit match ! and question (manpage error?)
According to the manpage for iptables:

limit
This module matches at a limited rate using a token bucket
filter. A rule using this extension will match until this limit
is reached (unless the ‘!’ flag is used). It can be used in combination
with the LOG target to give limited logging, for example.

So why then do I get

# /sbin/iptables -t filter -A SYNFLOODCHECK -m limit --limit ! 151/s -j DROP
iptables v1.3.5: limit does not support invert
Try `iptables -h' or 'iptables --help' for more information.

# /sbin/iptables -t filter -A SYNFLOODCHECK -m limit ! --limit 151/s -j DROP
iptables v1.3.5: limit does not support invert
Try `iptables -h' or 'iptables --help' for more information.

Is the manpage wrong? Am I supposed to put the ! some place else?

Pat
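
An added example, not part of the original post and not iptables code: a simplified Python model of the token-bucket behaviour the quoted manpage text describes, walked through a hypothetical two-rule SYNFLOODCHECK chain that returns packets while the limit rule matches and drops the rest, so no inversion is involved. The class and function names, the rule pair shown in the docstring, and the simplified refill arithmetic are assumptions of this example; the burst of 5 is the iptables default for --limit-burst.

```python
class LimitMatch:
    """Simplified token bucket: 'rate' tokens per second, capped at 'burst'."""

    def __init__(self, rate, burst=5):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)  # the bucket starts full
        self.last = 0.0

    def matches(self, now):
        # Refill for the elapsed time, never above the burst cap.
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True    # under the limit: the rule matches
        return False       # limit reached: the rule stops matching


def synfloodcheck(arrival_times, rate=151, burst=5):
    """Count verdicts for a constructed two-rule chain:

        -A SYNFLOODCHECK -m limit --limit 151/s -j RETURN
        -A SYNFLOODCHECK -j DROP

    Packets the limit rule matches are returned to the calling chain;
    packets it no longer matches fall through to the DROP rule.
    """
    limit = LimitMatch(rate, burst)
    returned = dropped = 0
    for t in arrival_times:
        if limit.matches(t):
            returned += 1
        else:
            dropped += 1
    return returned, dropped


def evenly_spaced(pps, seconds=1):
    """Constructed sample input: arrival times for 'pps' packets per second."""
    return [i / pps for i in range(pps * seconds)]


if __name__ == "__main__":
    for pps in (100, 1000):
        print(pps, "pps ->", synfloodcheck(evenly_spaced(pps)))
```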