I am doing some rate-limiting with iptables, and I'm not sure if I should use "recent" or "limit".

What are the differences between the two? If they both achieve the same result, which one has better performance? I would like to know regardless of whether any difference would be perceivable.

I am looking to ACCEPT if under the limit, and REJECT if over. I'm thus not interested in bandwidth throttling; I don't want a queue.

I don't need any syntax examples, both have ample use examples online. I have also used Limit in the past.

I appreciate any responses.

J. M. Becker
    If I recall, limit is on all connections matching the rule (i.e. not IP specific - ignore the rule for everyone after the limit is reached) whereas recent is IP specific (ignore the rule only for the specific IP once the criteria are reached). Other things being equal (i.e. I haven't tested it), it would stand to reason that limit has better performance than recent, since it is simpler - it doesn't need to track individual IPs/times. – cyberx86 Nov 22 '11 at 04:11
  • It is surprising to see so many howtos use recent as a hackish Limit. I understand it is more flexible, but I also assumed Limit would perform better. – J. M. Becker Nov 22 '11 at 08:51
  • An important aspect to `recent` is the fact that it tracks IPs with a maximum of 100 per list. So if you expect many more hits within the allowed time frame, you may run out of room quickly. – Alexis Wilke Nov 14 '22 at 19:34

1 Answer

I think this link explains both modules in good detail.

In short, the limit module puts a limit on the number of times a rule can be matched. The recent module enables you to create a dynamic list of IPs and then use this list to match in other rules differently (do special NATing, deny access, etc.).

Khaled
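To make the distinction in the answer and in the comments concrete, here is an added model (not code from this page, from the answerer, or from netfilter's xt_limit/xt_recent) of both matches: `limit` as the one token bucket behind `--limit`/`--limit-burst`, shared by every packet the rule sees, and `recent` as a per-source hit list behind `--set` plus `--update --seconds --hitcount`, capped at the 100 addresses mentioned above. The LRU eviction when that list is full, the option values, and the packet trace are assumptions constructed for the example.

```python
from collections import OrderedDict, deque


class LimitMatch:
    """`-m limit --limit R/second --limit-burst B`: a single token bucket
    shared by every packet the rule sees, so it is not per-source."""

    def __init__(self, rate_per_sec, burst):
        self.rate, self.burst = rate_per_sec, burst
        self.tokens, self.last = float(burst), 0.0

    def under_limit(self, now, src):
        # src is ignored on purpose: limit does not know who sent the packet
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RecentMatch:
    """`-m recent --set` followed by `--update --seconds S --hitcount N`:
    a per-source list of hit timestamps holding at most max_entries addresses.
    Assumption: the least recently seen address is evicted when the list is full."""

    def __init__(self, seconds, hitcount, max_entries=100):
        self.seconds, self.hitcount, self.max_entries = seconds, hitcount, max_entries
        self.table = OrderedDict()  # src -> deque of timestamps, LRU entry first

    def under_limit(self, now, src):
        stamps = self.table.pop(src, None)
        if stamps is None:
            if len(self.table) >= self.max_entries:
                self.table.popitem(last=False)  # evict least recently seen address
            stamps = deque()
        stamps.append(now)
        self.table[src] = stamps  # re-insert as most recently seen
        hits = sum(1 for t in stamps if now - t <= self.seconds)
        return hits < self.hitcount


def verdicts(matcher, packets):
    """Map each source to its per-packet ACCEPT/REJECT list for a (time, src) trace."""
    out = {}
    for now, src in packets:
        out.setdefault(src, []).append("ACCEPT" if matcher.under_limit(now, src) else "REJECT")
    return out


# Constructed trace: a noisy source sends 8 packets within a second while a
# quiet source sends a single packet in the middle of that burst.
TRACE = sorted([(i / 10, "10.0.0.9") for i in range(8)] + [(0.45, "192.0.2.5")])
```

Running `verdicts(LimitMatch(1, 4), TRACE)` rejects the quiet source's only packet because the noisy one drained the shared bucket, while `verdicts(RecentMatch(60, 4), TRACE)` rejects only the noisy source from its fourth hit onwards.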