shorewall - policy


#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK

wan     vps     ACCEPT
vps     wan     ACCEPT
fw      all     ACCEPT
all     all     REJECT


The policy file above causes Shorewall to create the following chains in iptables:

Chain fw2vps (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain fw2wan (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0


POLICY:

  • ACCEPT
  • DROP
  • REJECT
  • QUEUE

LOG LEVEL:

  • log-level
  • ULOG


LIMIT:BURST:

When s: or d: is specified, the rate applies per source IP address or per destination IP address respectively.

Example: 4/min:5
Connections = 4
Unit of time = 1 minute
Interval = 1 minute/4 = 15 seconds.
Burst = 5

As each connection arrives, if the burst count is > 0 the burst count is reduced by one and the connection is accepted. After each interval (15 seconds) that passes without a connection arriving, the burst count is incremented by 1 but is not allowed to exceed its initial setting (5).
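The burst-count behaviour described above is a token bucket. The following simulation is an added example written for this page, not Shorewall's own code: it parses a LIMIT:BURST value such as 4/min:5 (with an optional s: or d: prefix for per-source or per-destination counting), derives the refill interval, and replays a list of connection arrival times to show which connections the policy would accept. The default burst of 5 when none is given, and the helper names (parse_limit, ConnectionLimiter, simulate), are assumptions for this example.

```python
import re

# Seconds per rate unit; keyword spellings accepted by the parser below.
UNIT_SECONDS = {"sec": 1, "second": 1, "min": 60, "minute": 60,
                "hour": 3600, "day": 86400}


def parse_limit(spec):
    """Parse a LIMIT:BURST value, e.g. '4/min:5' or 's:4/min:5'.

    Returns (scope, connections, unit_seconds, burst), where scope is
    's' (per source IP), 'd' (per destination IP) or None (one shared count).
    """
    m = re.fullmatch(r"(?:([sd]):)?(\d+)/(sec|second|min|minute|hour|day)(?::(\d+))?", spec)
    if not m:
        raise ValueError(f"bad limit spec: {spec!r}")
    scope, rate, unit, burst = m.groups()
    # A burst of 5 when none is given is an assumption for this example.
    return scope, int(rate), UNIT_SECONDS[unit], int(burst) if burst else 5


class ConnectionLimiter:
    """Token bucket: 'burst' tokens, one token refilled per interval, capped at burst."""

    def __init__(self, spec):
        self.scope, rate, unit_seconds, self.burst = parse_limit(spec)
        self.interval = unit_seconds / rate        # 4/min -> 60/4 = 15 seconds
        self._state = {}                           # key -> [tokens, refill_clock]

    def _key(self, src, dst):
        if self.scope == "s":
            return src
        if self.scope == "d":
            return dst
        return None                                # no prefix: single shared bucket

    def allow(self, now, src=None, dst=None):
        """Return True if a connection arriving at time 'now' is accepted."""
        key = self._key(src, dst)
        tokens, clock = self._state.get(key, (self.burst, now))
        # Credit one token per full interval elapsed, never exceeding the burst.
        refill = int((now - clock) // self.interval)
        tokens += refill
        if tokens >= self.burst:
            tokens, clock = self.burst, now        # full bucket: restart the clock
        else:
            clock += refill * self.interval        # keep the unconsumed remainder
        if tokens > 0:
            self._state[key] = [tokens - 1, clock]
            return True
        self._state[key] = [tokens, clock]
        return False


def simulate(spec, arrivals):
    """Replay (time, src, dst) arrivals; times alone are also accepted."""
    limiter = ConnectionLimiter(spec)
    results = []
    for arrival in arrivals:
        if isinstance(arrival, tuple):
            t, src, dst = arrival
        else:
            t, src, dst = arrival, None, None
        results.append(limiter.allow(t, src, dst))
    return results


if __name__ == "__main__":
    # Constructed arrival times (seconds) for the 4/min:5 example in the text.
    times = [0, 0, 0, 0, 0, 0, 15, 16, 90]
    for t, ok in zip(times, simulate("4/min:5", times)):
        print(f"t={t:>3}s  {'ACCEPT' if ok else 'REJECT'}")
```

Running the script shows the worked example from the text: five connections at once are accepted, the sixth is rejected, one more is accepted after a 15 second interval, and after 75 idle seconds the count is back at its cap of 5 rather than 6. With an s: prefix each source IP gets its own count, so a burst from one address does not consume the tokens of another.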