    #SOURCE  DEST  POLICY  LOG    LIMIT:  CONNLIMIT:
    #                      LEVEL  BURST   MASK
    wan      vps   ACCEPT
    vps      wan   ACCEPT
    fw       all   ACCEPT
    all      all   REJECT

From these policies, the following chains are created in iptables:

    Chain fw2vps (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

    Chain fw2wan (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

POLICY:
- ACCEPT
- DROP
- REJECT
- QUEUE
LOG LEVEL:
- log-level
- ULOG
LIMIT:BURST:
When s: or d: is specified, the rate applies per source IP address or per destination IP address respectively.
Example: 4/min:5
Connections = 4
Unit of time = 1 minute
Interval = 1 minute/4 = 15 seconds.
Burst = 5
As each connection arrives, if the burst count is > 0, the burst count is reduced by one and the connection is accepted. After each interval (15 seconds) that passes without a connection arriving, the burst count is incremented by 1 but is not allowed to exceed its initial setting (5).
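
The burst accounting described above can be checked with a small simulation. This is an added example, not code from Shorewall or from the original notes: the function names, the sample addresses and the event lists are constructed, and the refill is modeled as one credit per whole interval elapsed. It also covers the `s:` and `d:` prefixes, showing how a per-source bucket differs from a single shared one.

```python
import re

UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600, "day": 86400}

def parse_limit(spec):
    """Parse '[s:|d:]RATE/UNIT:BURST' into (per, interval_seconds, burst)."""
    m = re.fullmatch(r"(?:([sd]):)?(\d+)/(sec|min|hour|day):(\d+)", spec)
    if not m or int(m.group(2)) == 0 or int(m.group(4)) == 0:
        raise ValueError(f"unsupported limit spec: {spec!r}")
    per, rate, unit, burst = m.groups()
    return per, UNIT_SECONDS[unit] / int(rate), int(burst)

def simulate(spec, events):
    """events: (time_s, src_ip, dst_ip) tuples in time order -> list of bool (accepted?)."""
    per, interval, burst = parse_limit(spec)
    buckets = {}  # key -> [burst count, time the current interval started]
    verdicts = []
    for t, src, dst in events:
        key = {"s": src, "d": dst}.get(per)  # None: one bucket shared by all traffic
        b = buckets.setdefault(key, [burst, t])
        gained = int((t - b[1]) // interval)  # whole intervals elapsed
        if b[0] + gained >= burst:
            b[0], b[1] = burst, t  # capped at the initial setting
        else:
            b[0], b[1] = b[0] + gained, b[1] + gained * interval
        accepted = b[0] > 0
        if accepted:
            b[0] -= 1
        verdicts.append(accepted)
    return verdicts

# Constructed sample: seven quick connections, then stragglers, all from one host.
A, B, FW = "192.0.2.10", "192.0.2.20", "198.51.100.1"
ONE_HOST = [(t, A, FW) for t in (0, 1, 2, 3, 4, 5, 6, 15, 16, 80)]
# Constructed sample: host A exhausts the burst, then host B connects.
TWO_HOSTS = [(t, A, FW) for t in range(6)] + [(5, B, FW)]

if __name__ == "__main__":
    for spec, ev in (("4/min:5", ONE_HOST), ("4/min:5", TWO_HOSTS), ("s:4/min:5", TWO_HOSTS)):
        print(spec, ["accept" if v else "over" for v in simulate(spec, ev)])
```

With the shared bucket, host B is over the limit at second 5 because host A has already used the burst; with `s:` each source address gets its own count and B is accepted.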