summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-01-14 01:40:35 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-01-14 01:40:35 +0100
commit7fe1f214d75b28c7b668f95a7299dae545c41e27 (patch)
tree1b050d725ce0dc187d47807fe604544d52d1d7c4
parentee5815f8cf8c51c0de021889b39726fdb9053764 (diff)
downloadap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.tar
ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.tar.gz
ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.tar.bz2
ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.tar.xz
ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.zip
...
Diffstat
-rw-r--r--files/files/etc/ruleset.nft9
1 files changed, 9 insertions, 0 deletions
diff --git a/files/files/etc/ruleset.nft b/files/files/etc/ruleset.nft
index 7767eb6..f1c8168 100644
--- a/files/files/etc/ruleset.nft
+++ b/files/files/etc/ruleset.nft
@@ -1,6 +1,15 @@
1define icmp_protos = { ipv6-icmp, icmp, igmp } 1define icmp_protos = { ipv6-icmp, icmp, igmp }
2 2
3table inet filter { 3table inet filter {
4 limit lim_reject {
5 rate over 1000/second burst 1000 packets
6 }
7
8 limit lim_icmp {
9 rate over 50 mbytes/second burst 50 mbytes
10 }
11
12
4 counter icmp-ratelimit-fw {} 13 counter icmp-ratelimit-fw {}
5 14
6 counter icmp-fw {} 15 counter icmp-fw {}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 06:15:58 +0000