Home / server / Questions / 1147890
Accepted
Karma Yogi
Asked: 2023-11-15 13:43:42 +0800 CST

What is the minimum and maximum value for --limit option in iptables?

  • 772

I have below iptable rule

iptables -A PRIO_IN -p tcp -s 203.0.113.0 --sport 5432 -d 203.0.113.0 --dport 5432 -j ACCEPT -m limit --limit 100000/sec

When i run this rule, i get error as Rate too fast 100000/sec.

So I want to what is the minimum and maximum value we can pass to --limit option with per sec, per min and per hour

iptables

1 Answers

  1. Best Answer

    TL;DR: The max value is 10000

    Looking at the source code, in xt_limit.h the constant XT_LIMIT_SCALE is defined as:

    #define XT_LIMIT_SCALE 10000

    with the comment:

    /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 seconds, or one every 59 hours. */

    The constant is then used in the parse_rate() function in libxt_limit.c, which parses the argument:

    *val = XT_LIMIT_SCALE * mult / r;
if (*val == 0)
    /*
     * The rate maps to infinity. (1/day is the minimum they can
     * specify, so we are ok at that end).
     */
    xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"", rate);

    In your case this means:

    mult is defined as 1 for seconds, so the equation ends up as:

    10000 * 1 / 100000

    The result is then 0.1 which is then rounded to 0, raising the error message.

    So basically the maximum for each time period is the number of seconds in the time period * 10000

    interval seconds max value
    second 1 10000
    minute 60 600000
    hour 60*60 36000000
    day 24*60*60 864000000
    • 3