Hi!
On Sun, Jun 22, 2008 at 11:29 PM, howard chen <howachen_at_gmail.com> wrote:
> Hi,
>
> On Sun, Jun 22, 2008 at 1:23 AM, Jose Ildefonso Camargo Tolosa
>> for 1: maybe iptables + l7filter ( http://l7-filter.sourceforge.net/ ).
>> for 2: iptables, yup, plain iptables.
>> for 3. not sure... but maybe iptables + l7filter too.
>>
>
> All the problem with iptables is it is NOT suitable to handle a lot of
> rules, it has been discussed in netfilter mailing list before...
It didn't sounded like you needed *a lot* of rules. Rate limit, well,
a basic rate limit (connections/minute) would take around two~three
rules (I don't remember right now).
You should have said that you needed to handle > X rules (replace X
with your number), and even more if you knew that your number was well
"above normal". I agree, you should describe your requirements, so
that we can be more useful.
Ildefonso.
Received on Sun Jun 22 2008 - 15:15:26 MDT
This archive was generated by hypermail 2.2.0 : Sun Jun 22 2008 - 12:00:04 MDT