In case anyone has wondered how to limit pps per IP in a subnet, using hashlimit is the best bet, i.e.:
iptables -A FORWARD -d 192.168.1.0/24 -m hashlimit --hashlimit 30/sec --hashlimit-mode dstip --hashlimit-name hosts -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j DROP
This will accept 30 pps for each IP, and drop anything faster than that. Each IP address will have its own rule of 30 pps, while only creating one iptables rule.
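The same rule pair as a small wrapper script, added here as an example and not part of the comment above. It makes explicit two things the one-liner leaves at their defaults: the match option is spelled `--hashlimit-upto` in current iptables (`--hashlimit` is the older alias for the same thing), and `--hashlimit-burst` defaults to 5 packets of initial credit per destination IP when omitted. The script name, function names and the `IPTABLES=echo` dry-run convention are my own choices; `show_buckets` reads the kernel's `/proc/net/ipt_hashlimit/<name>` table, which only exists while a hashlimit rule is loaded.

```shell
#!/bin/sh
# Added example (not the original poster's script): per-destination-IP packet
# rate limiting on FORWARD with xt_hashlimit, plus a dry-run and status mode.
# Usage: ./hashlimit.sh apply   [SUBNET] [RATE_PPS] [BURST]   (needs root)
#        ./hashlimit.sh dry-run [SUBNET] [RATE_PPS] [BURST]   (prints commands)
#        ./hashlimit.sh status
set -eu

# Set IPTABLES=echo to print the commands instead of applying them.
IPTABLES="${IPTABLES:-iptables}"

# hashlimit_rules SUBNET RATE BURST [NAME]
# Emits the ACCEPT-then-DROP pair. One rule, but the kernel keeps one token
# bucket per destination IP (dstip mode), so each host gets its own RATE.
# BURST is the credit a host may spend at once before the steady rate applies
# (the match defaults this to 5 if --hashlimit-burst is omitted).
hashlimit_rules() {
    subnet="$1"; rate="$2"; burst="$3"; name="${4:-hosts}"
    case "$subnet" in
        */*) ;;
        *)   echo "subnet must be CIDR, e.g. 192.168.1.0/24" >&2; return 1 ;;
    esac
    # --hashlimit-upto is the current spelling of --hashlimit (same match).
    $IPTABLES -A FORWARD -d "$subnet" \
        -m hashlimit --hashlimit-upto "${rate}/sec" --hashlimit-burst "$burst" \
        --hashlimit-mode dstip --hashlimit-name "$name" \
        -j ACCEPT
    # Packets that exceed their destination's bucket fall through to DROP.
    $IPTABLES -A FORWARD -d "$subnet" -j DROP
}

# Per-rule packet/byte counters: the DROP line shows how much is being cut.
show_counters() {
    $IPTABLES -L FORWARD -v -n --line-numbers
}

# Live per-IP buckets; the file appears only while a hashlimit rule is loaded.
show_buckets() {
    cat "/proc/net/ipt_hashlimit/${1:-hosts}" 2>/dev/null \
        || echo "(no hashlimit table '${1:-hosts}' loaded)"
}

case "${1:-}" in
    apply)   hashlimit_rules "${2:-192.168.1.0/24}" "${3:-30}" "${4:-5}" ;;
    dry-run) IPTABLES=echo
             hashlimit_rules "${2:-192.168.1.0/24}" "${3:-30}" "${4:-5}" ;;
    status)  show_counters; show_buckets ;;
esac
```

Two things worth checking after `apply`: the rules must sit before any broader ACCEPT in FORWARD (append order matters, hence `-A` on an otherwise empty chain or `-I` with a position on a populated one), and `status` should show the DROP counter growing only for hosts you expect to be noisy.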