Shorewall users - Mar 2009 - Two ways to rate limit. Which to use?

In rules you can specify a rate limit, or there is the limit action.  So 
for SSH are these the same?

ACCEPT   Pub   fw   tcp   ssh   -   -   3/min

Limit:none:SSHA,3,60   Pub               fw            tcp         ssh


What are the advantages of one over the other?



------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com

Robert Moskowitz wrote:
> In rules you can specify a rate limit, or there is the limit action.  So 
> for SSH are these the same?
> 
> ACCEPT   Pub   fw   tcp   ssh   -   -   3/min
> 
> Limit:none:SSHA,3,60   Pub               fw            tcp         ssh
> 
> 
> What are the advantages of one over the other?
The first limits the aggregate rate -- the second limits the rate from
each individual remote address. I think the available documentation for
both should be clear.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com