I’m testing limiting pps by dst-limit
From the manual:
dst-limit (integer/time{0,1},integer,dst-address | dst-port | src-address{+},time{0,1}) - limits the packet per second (pps) rate on a per destination IP or per destination port base. As opposed to the limit match, every destination IP address / destination port has its own limit.
Then I set the filter:
add chain=forward dst-limit=100,100,dst-address/1m40s action=accept comment="pps limit" \
disabled=no
add chain=forward action=drop comment="" disabled=no
I think this filter will be limiting to 100 pps (and 100 pps burst) per IP in my network (192.168.1.0/24).
Good thinking?
Or must I set dst-address=192.168.1.0/24?
And must I set add chain=forward action=drop or not?
Any suggestions or solutions?
Thanks for an answer …
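
A simplified model of the two rules above, added here as an example and not part of the original post or of RouterOS itself. It assumes dst-limit keeps one token bucket per destination address (100 pps, burst of 100, idle entries forgotten after 1m40s) and that packets the accept rule does not match fall through to the drop rule; the class, function names and sample traffic are constructed for illustration.

```python
class DstLimit:
    """Assumed model: one token bucket per destination address.
    Integer credit is used: 1 unit accrues per microsecond."""

    def __init__(self, rate=100, burst=100, expire_s=100):
        self.cost = 1_000_000 // rate        # credit spent per packet
        self.cap = burst * self.cost         # full bucket = burst packets
        self.expire = expire_s * 1_000_000   # 1m40s idle timeout, in microseconds
        self.table = {}                      # dst -> [credit, last_seen_us]

    def matches(self, dst, now_us):
        entry = self.table.get(dst)
        if entry is None or now_us - entry[1] > self.expire:
            # New or expired destination starts with a full bucket
            entry = self.table[dst] = [self.cap, now_us]
        entry[0] = min(self.cap, entry[0] + (now_us - entry[1]))
        entry[1] = now_us
        if entry[0] >= self.cost:
            entry[0] -= self.cost
            return True
        return False


def forward_chain(packets, limiter=None):
    """Rule 1: accept while dst-limit matches. Rule 2: drop the rest.
    Returns per-destination accepted and dropped packet counts."""
    limiter = limiter or DstLimit()
    accepted, dropped = {}, {}
    for now_us, dst in packets:
        counts = accepted if limiter.matches(dst, now_us) else dropped
        counts[dst] = counts.get(dst, 0) + 1
    return accepted, dropped


def sample_traffic():
    """Constructed input: one second of traffic to two hosts."""
    pkts = [(i * 2_000, "192.168.1.10") for i in range(500)]   # 500 pps
    pkts += [(i * 20_000, "192.168.1.20") for i in range(50)]  # 50 pps
    return sorted(pkts)


if __name__ == "__main__":
    acc, drop = forward_chain(sample_traffic())
    for dst in sorted(acc):
        print(dst, "accepted", acc[dst], "dropped", drop.get(dst, 0))
```

In this model the 500 pps flow to 192.168.1.10 gets 199 packets through in the first second (the burst plus the refill during that second), while the 50 pps flow to 192.168.1.20 is not affected because it has its own bucket.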