measure rate of initiated HTTPs connnections
I do wonder why the follwoing iptables rule does fire more often than expected althought there're much less (<100) new outgoing Tor exit connections within 1 second at my Tor exit relay: /sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit --connlimit-above 2000 --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG -- Toralf PGP C4EACDDE 0076E94E
That's because this rule matches on connection count >2000 with mask 0 => so results in: more than 2000 connections to anywhere the second limit is for log action only. On Fri, 2 Feb 2018 at 22:12 Toralf Förster <toralf.foerster@gmx.de> wrote:
I do wonder why the follwoing iptables rule does fire more often than expected althought there're much less (<100) new outgoing Tor exit connections within 1 second at my Tor exit relay:
/sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit --connlimit-above 2000 --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG
-- Toralf PGP C4EACDDE 0076E94E
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (2)
-
r1610091651 -
Toralf Förster