what does limit log messages 10/minute do? log ten minutes then stop or log every ten minutes?
After reaching the default burst rate limit (which is 5), the system will log 10 packets per minute, which roughly means one packet every 6 seconds.
IMO the minimum meaningful value (if you really want to inspect the rejected traffic) is 5/sec.
What value should I use there?
A numeric value express in minute (i.e. 5 or 10) or a keyword combination (5/sec or 5/second or 600/m)?
What keyword can I use (sec, second, min)?
The limit specifies the maximum average number of matches (packets) to allow for a given time period.
You can also use parts of the time units:
3/second is the same as