diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-14 01:40:35 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-14 01:40:35 +0100 |
| commit | 7fe1f214d75b28c7b668f95a7299dae545c41e27 (patch) | |
| tree | 1b050d725ce0dc187d47807fe604544d52d1d7c4 /files | |
| parent | ee5815f8cf8c51c0de021889b39726fdb9053764 (diff) | |
| download | ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.tar ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.tar.gz ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.tar.bz2 ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.tar.xz ap01-7fe1f214d75b28c7b668f95a7299dae545c41e27.zip | |
...
Diffstat (limited to 'files')
| -rw-r--r-- | files/files/etc/ruleset.nft | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/files/files/etc/ruleset.nft b/files/files/etc/ruleset.nft index 7767eb6..f1c8168 100644 --- a/files/files/etc/ruleset.nft +++ b/files/files/etc/ruleset.nft | |||
| @@ -1,6 +1,15 @@ | |||
| 1 | define icmp_protos = { ipv6-icmp, icmp, igmp } | 1 | define icmp_protos = { ipv6-icmp, icmp, igmp } |
| 2 | 2 | ||
| 3 | table inet filter { | 3 | table inet filter { |
| 4 | limit lim_reject { | ||
| 5 | rate over 1000/second burst 1000 packets | ||
| 6 | } | ||
| 7 | |||
| 8 | limit lim_icmp { | ||
| 9 | rate over 50 mbytes/second burst 50 mbytes | ||
| 10 | } | ||
| 11 | |||
| 12 | |||
| 4 | counter icmp-ratelimit-fw {} | 13 | counter icmp-ratelimit-fw {} |
| 5 | 14 | ||
| 6 | counter icmp-fw {} | 15 | counter icmp-fw {} |