Group: comp.os.linux.networking
From: David Brown
Date: Thursday, April 10, 2008 4:16 PM
Subject: Re: How to PREVENT a user from logging in through SSH

Andrew Gideon wrote:
> On Tue, 08 Apr 2008 18:10:54 +0200, David Brown wrote:
>
>> You can think of a rule with "-m limit --limit 3/minute --limit-burst 5"
>> as having a bucket with space for 5 tokens. A packet will only match
>> the rule if it can get a token from the bucket, and the bucket refills
>> at the rate of 3 per minute (1 per 20 seconds).
>
> I've never been clear on the exact meaning of "limit-burst", but I think
> your explanation might have finally crossed my confusion threshold.
>
> *If* I understand correctly, the idea is that 3/minute is the steady
> state limit. But if the system is sufficiently quiet (ie. no requests
> for the past 40 seconds), up to 5 connections can be permitted within a
> single "instant"? Is that right?
>

Yes, that's it. I think a lot of people find it difficult to figure out
until they can imagine a suitable analogy, and then it "clicks".

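The token-bucket picture from the quoted explanation, worked through as an added model (this is illustration code written for this page, not the thread's own nor netfilter's implementation). It treats `-m limit --limit 3/minute --limit-burst 5` as a bucket that starts full with 5 tokens, refills one token every 20 seconds up to the cap, and lets a packet match only when a whole token can be taken. The `simulate()` helper, the arrival timestamps and the unit table are assumptions made for the example; feeding it a burst, then a quiet gap, shows how many SSH connection attempts the rule would let through at each point.

```python
"""Token-bucket model of the iptables 'limit' match (added example).

"-m limit --limit 3/minute --limit-burst 5" is modelled as a bucket
holding at most 5 tokens that refills one token every 20 seconds.
"""
from dataclasses import dataclass

# Seconds in each unit that --limit accepts; a bare number means per second.
_UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def seconds_per_token(limit):
    """Turn a --limit spec such as "3/minute" into the refill interval
    for one token (3/minute -> one token every 20 s)."""
    count, _, unit = limit.partition("/")
    return _UNIT_SECONDS[unit or "second"] / int(count)


@dataclass
class LimitMatch:
    limit: str          # e.g. "3/minute"
    burst: int = 5      # --limit-burst; iptables' default is also 5

    def __post_init__(self):
        self.refill = seconds_per_token(self.limit)
        self.tokens = float(self.burst)   # the bucket starts full
        self.last_ts = None               # time of the previous packet

    def matches(self, ts):
        """Return True if a packet arriving at time `ts` (seconds) matches.

        Packets must be fed in non-decreasing time order: tokens earned
        since the previous packet are added (capped at burst), then one
        token is consumed if a whole one is available.
        """
        if self.last_ts is not None:
            if ts < self.last_ts:
                raise ValueError("packets must be fed in time order")
            self.tokens = min(float(self.burst),
                              self.tokens + (ts - self.last_ts) / self.refill)
        self.last_ts = ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(limit, burst, arrivals):
    """Run a list of arrival times through one rule; returns a list of
    True (matched, i.e. allowed) / False (no token, i.e. dropped)."""
    rule = LimitMatch(limit, burst)
    return [rule.matches(ts) for ts in arrivals]


if __name__ == "__main__":
    # Constructed arrival pattern: six attempts at once, quiet for 40 s,
    # three more attempts, then 100 s of silence and six more.
    arrivals = [0] * 6 + [40] * 3 + [140] * 6
    for ts, ok in zip(arrivals, simulate("3/minute", 5, arrivals)):
        print(f"t={ts:4d}s  {'ACCEPT' if ok else 'DROP'}")
```

Read the output against the two questions in the thread: the first five attempts at t=0 all match and the sixth does not; after 40 quiet seconds only two tokens have come back, so two more match; only after a full 100 seconds of silence is the bucket back at 5. The steady state is one accepted attempt per 20 seconds, exactly the 3/minute figure.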