[NETFILTER]: x_tables: add port of hashlimit match for IPv4 and IPv6

Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Patrick McHardy <kaber@trash.net> 2006-11-29 02:35:36 +0100
committer: David S. Miller <davem@sunset.davemloft.net> 2006-12-02 21:31:31 -0800
commit: 39b46fc6f0d1161a5585cd8af7b3a05e8118ab7e (patch)
tree: 708126eec291a8f7105751c656fb50a6091ec97e /net/netfilter/Kconfig
parent: [NETFILTER]: nfnetlink_log: remove useless prefix length limitation (diff)
download: linux-dev-39b46fc6f0d1161a5585cd8af7b3a05e8118ab7e.tar.xz
linux-dev-39b46fc6f0d1161a5585cd8af7b3a05e8118ab7e.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index f619c6527266..7e6125467c12 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -464,5 +464,19 @@ config NETFILTER_XT_MATCH_TCPMSS
 
 	  To compile it as a module, choose M here.  If unsure, say N.
 
+config NETFILTER_XT_MATCH_HASHLIMIT
+	tristate '"hashlimit" match support'
+	depends on NETFILTER_XTABLES
+	help
+	  This option adds a `hashlimit' match.
+
+	  As opposed to `limit', this match dynamically creates a hash table
+	  of limit buckets, based on your selection of source/destination
+	  addresses and/or ports.
+
+	  It enables you to express policies like `10kpps for any given
+	  destination address' or `500pps from any given source address'
+	  with a single rule.
+
 endmenu
author	Patrick McHardy <kaber@trash.net>	2006-11-29 02:35:36 +0100
committer	David S. Miller <davem@sunset.davemloft.net>	2006-12-02 21:31:31 -0800
commit	39b46fc6f0d1161a5585cd8af7b3a05e8118ab7e (patch)
tree	708126eec291a8f7105751c656fb50a6091ec97e /net/netfilter/Kconfig
parent	[NETFILTER]: nfnetlink_log: remove useless prefix length limitation (diff)
download	linux-dev-39b46fc6f0d1161a5585cd8af7b3a05e8118ab7e.tar.xz linux-dev-39b46fc6f0d1161a5585cd8af7b3a05e8118ab7e.zip