IPtables Rate-Limit – Differences Between Recent and Limit Modules


I am doing some rate-limiting with IPtables, and I'm not sure if I should use "Recent" or "Limit".

What are the differences between the two? If they both achieve the same result, which one has better performance? I would like to know, regardless of whether any difference would be perceivable.

I am looking to ACCEPT if under limit, and REJECT if over. I'm thus not interested in bandwidth throttling; I don't want a queue.

I don't need any syntax examples, both have ample use examples online. I have also used Limit in the past.

I appreciate any responses.

Best Answer

I think this link explains both modules in good detail.

In short, the limit module puts a limit on the number of times a rule can be matched. The recent module enables you to create a dynamic list of IPs and then use this list to match in other rules differently (do special NATing, deny access, etc.).
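The difference described in the answer above, as an added example that is not part of the original post: a simplified Python model of the two matches (a per-rule token bucket for `limit`, a per-address timestamp list for `recent` used as `--set` then `--rcheck --seconds --hitcount`), replayed over constructed traffic. The class names, rate values and the documentation-range addresses are assumptions chosen for illustration; the kernel's list-size caps and jiffies arithmetic are not modelled.

```python
from collections import Counter, defaultdict

class LimitRule:
    """Simplified model of `-m limit --limit R/second --limit-burst B`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def accept(self, now, src):
        # One token bucket per rule; the source address plays no part.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class RecentRule:
    """Simplified model of `-m recent --set` followed by
    `-m recent --rcheck --seconds S --hitcount N -j REJECT`."""
    def __init__(self, seconds, hitcount):
        self.seconds, self.hitcount = seconds, hitcount
        self.stamps = defaultdict(list)  # the dynamic per-address list

    def accept(self, now, src):
        self.stamps[src].append(now)  # --set records this packet
        hits = sum(1 for t in self.stamps[src] if now - t <= self.seconds)
        return hits < self.hitcount  # --rcheck matches (REJECT) at N hits

def replay(traffic, rule):
    """Return accepted-packet counts per source for one rule."""
    accepted = Counter()
    for now, src in traffic:
        if rule.accept(now, src):
            accepted[src] += 1
    return accepted

# Constructed traffic: one noisy source, then a single packet from a quiet one.
NOISY, QUIET = "203.0.113.5", "198.51.100.7"
TRAFFIC = [(i / 10, NOISY) for i in range(10)] + [(0.95, QUIET)]

if __name__ == "__main__":
    print("limit :", dict(replay(TRAFFIC, LimitRule(rate=1, burst=3))))
    print("recent:", dict(replay(TRAFFIC, RecentRule(seconds=1, hitcount=4))))
```

In this replay the shared `limit` bucket is drained by the noisy source, so the quiet source's only packet is rejected, while the `recent` model rejects only the noisy address.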