Support
Joined: 09 Oct 2002
Posts: 175
Location: Lausanne, Switzerland
|
 Posted: Wed Oct 09, 02 17:47 Post subject: How do the filtering parameters work? |
 |
|
Here is a filter example...
| Code: | D.Port=20-21
Protocol=tcp
Limit=6/h
Burst=5
Action=log |
This example shows how the limit parameter and burst parameter affect the actions they are associated with. The first 5 packets with a destination port of 80 will activate this rule when the burst parameter is set to 5. After this it will be 10 minutes before another packet with a destination port of 20-21 will activate this rule due to the limit parameter being set at 6 per hour (1 every 10 minutes).
For every 10 minutes that go by without a packet whose destination port is 20-21, 1 of the burst counters will be regained. If 50 minutes go by and no packets are found with a destination port of 20-21 then the entire burst parameter of 5 is restored and 50 minutes would be considered the recharge time.
We recommend making a test using Syslog messages so that you can watch when a packet is caught in the filters. |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
