[cod] Some new cool iptables!
Boyd G. Gafford Ph.D.
drboyd at westportresearch.com
Fri Mar 9 18:07:41 EST 2012
Using that now to rate limit the players. I was getting lots of error
messages in the kernel log when I was using -hashlimit everywhere...
/Boyd/
On 03/09/2012 04:58 PM, Ruediger Meier wrote:
> On Friday 09 March 2012, Boyd G. Gafford Ph.D. wrote:
>> Limit per IP is done via the --hashlimit module, and the kernel can
>> get hit hard if you try to hash millions of random IPs and allocate the
>> memory for them.
>>
>> If there is another way to limit by IP besides --hashlimit that
>> doesn't require dynamic allocation I'm all ears!
> what about
>
> --hashlimit-htable-size buckets
> The number of buckets of the hash table
>
> --hashlimit-htable-max entries
> Maximum entries in the hash.
>
> --hashlimit-htable-expire msec
> After how many milliseconds do hash entries expire
>
> --hashlimit-htable-gcinterval msec
> How many milliseconds between garbage collection
>
>
> Since all your limit rules are per 1 second anyway you can keep the hash
> tables very small.
>
> cu,
> Rudi
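
Added example, not part of the original thread and not the xt_hashlimit code: a simplified Python model of the table bounds listed in the reply above (maximum entries, entry expiry, garbage-collection interval), run over constructed traffic. The class, the traffic shape, the 4096-entry cap and the refuse-when-full behaviour are assumptions of the model; the rate-limit arithmetic itself is left out.

```python
import random

class BoundedTable:
    """Simplified model of a per-source table with max entries, expiry and GC."""

    def __init__(self, max_entries, expire_ms, gc_ms):
        self.max_entries, self.expire_ms, self.gc_ms = max_entries, expire_ms, gc_ms
        self.entries = {}            # source -> time (ms) at which the entry expires
        self.next_gc = gc_ms
        self.peak = 0

    def packet(self, now, src):
        """Return True if the source has (or gets) an entry, False if the table is full."""
        if now >= self.next_gc:      # periodic garbage collection of expired entries
            self.entries = {s: t for s, t in self.entries.items() if t > now}
            self.next_gc = now + self.gc_ms
        if src not in self.entries and len(self.entries) >= self.max_entries:
            return False             # model assumption: no free slot, packet is refused
        self.entries[src] = now + self.expire_ms   # create or refresh the entry
        self.peak = max(self.peak, len(self.entries))
        return True


def simulate(expire_ms, gc_ms, max_entries=4096, flood_ms=2000, total_ms=6000,
             flood_per_ms=20, players=64, seed=1):
    """Constructed traffic: a random-source flood, then players joining after it."""
    rng = random.Random(seed)
    table = BoundedTable(max_entries, expire_ms, gc_ms)
    refused = 0
    for now in range(total_ms):
        if now < flood_ms:
            for _ in range(flood_per_ms):
                table.packet(now, rng.getrandbits(32))   # random source address
        else:
            player = f"player-{now % players}"           # one packet per ms, round robin
            if not table.packet(now, player):
                refused += 1
    return {"peak": table.peak, "final": len(table.entries), "players_refused": refused}


if __name__ == "__main__":
    print("expire 1 s :", simulate(expire_ms=1000, gc_ms=500))
    print("expire 60 s:", simulate(expire_ms=60000, gc_ms=1000))
```

In both runs the table never grows past the cap, however many random sources arrive. With the 1 s expiry it drains within about a second of the flood ending and holds only the 64 players; with the 60 s expiry it stays full and the players are refused for the rest of the run.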