Limit match does not support invert, and without loss of backwards compatibility, it won't anytime soon. It doesn't help that the iptables tutorial claims it does.

The userspace code tries to warn users it won't work, but only correctly deals with one of the two possible invert cases:

# iptables -A foo -m limit --limit ! 1/sec
iptables v1.2.11: Unexpected `!' after --limit
Try `iptables -h' or 'iptables --help' for more information.

but not this one:

# iptables -A foo -m limit ! --limit 1/sec

The below patch fixes this up, closing bugzilla #95, perhaps to the chagrin of those who would like to see limit support invert.

Phil