I have below iptable rule
iptables -A PRIO_IN -p tcp -s 203.0.113.0 --sport 5432 -d 203.0.113.0 --dport 5432 -j ACCEPT -m limit --limit 100000/sec
When i run this rule, i get error as Rate too fast 100000/sec.
So I want to what is the minimum and maximum value we can pass to --limit option with per sec, per min and per hour
TL;DR: The max value is 10000
Looking at the source code, in xt_limit.h the constant XT_LIMIT_SCALE is defined as:
#define XT_LIMIT_SCALE 10000
with the comment:
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 seconds, or one every 59 hours. */
The constant is then used in the parse_rate() function in libxt_limit.c, which parses the argument:
*val = XT_LIMIT_SCALE * mult / r;
if (*val == 0)
/*
* The rate maps to infinity. (1/day is the minimum they can
* specify, so we are ok at that end).
*/
xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"", rate);
In your case this means:
mult is defined as 1 for seconds, so the equation ends up as:
10000 * 1 / 100000
The result is then 0.1 which is then rounded to 0, raising the error message.
So basically the maximum for each time period is the number of seconds in the time period * 10000
| interval | seconds | max value |
|---|---|---|
| second | 1 | 10000 |
| minute | 60 | 600000 |
| hour | 60*60 | 36000000 |
| day | 24*60*60 | 864000000 |
