Limit matches

This module matches at a limited rate using a token bucket filter. A rule using this extension will match until this limit is reached (unless the `!' flag is used). It can be used in combination with the LOG target to give limited logging, for example.

iptables -A INPUT --match limit --limit 10/second --limit-burst 5 -j ACCEPT

iptables -A INPUT --match limit --limit 2/hour --limit-burst 10 -j LOG