>> 2. In the *Action *description the very last line says "Also an action
>> can be limited using the /limit tag/." What limit tag does the statement
>> refer to?
>
>
> The limit tag is described in Log.
The thing is that 'limit tag' term is not used in the description of
the Log element. Please use the 'limit tag' term in the description of
the Log element at least once. For consistency it'll also be a good
idea to include that extra option in the description of the Action
element, like this:
accept | reject [type="reject type"] | drop [limit value="rate/duration"]
For me this rises another question. What does it mean to limit, say,
an accept action to once a day? Does it mean that only one connection
attempt a day will be let through the firewall and all other attempts
be dropped? Will they be dropped with a drop action? How about reject
action (if once a day) -- will the first connection attempt be
rejected with ICMP message and all other attempts be dropped? And for
the drop action rate limiting will not change anything then. Please
clarify.

Well, after some tests I see that what I suggested is not true. The 'limit tag' doesn't limit connection attempts. So what exactly does the limit tag do for the action? Please consider the following example and explain me the functional difference:

firewall-cmd --add-rich-rule='rule family=ipv4 service name=http accept limit value=1/m'

firewall-cmd --add-rich-rule='rule family=ipv4 service name=http accept'

Thank you,

Rufe