Diffstat (limited to 'files')
| -rw-r--r-- | files/files/etc/ruleset.nft | 9 |
1 files changed, 9 insertions, 0 deletions
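diff --git a/files/files/etc/ruleset.nft b/files/files/etc/ruleset.nft
index 7767eb6..f1c8168 100644
--- a/files/files/etc/ruleset.nft
+++ b/files/files/etc/ruleset.nft
@@ -1,6 +1,15 @@
 define icmp_protos = { ipv6-icmp, icmp, igmp }
 
 table inet filter {
+limit lim_reject {
+rate over 1000/second burst 1000 packets
+}
+
+limit lim_icmp {
+rate over 50 mbytes/second burst 50 mbytes
+}
+
+
 counter icmp-ratelimit-fw {}
 
 counter icmp-fw {}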
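Review bot: Both named limits are declared with `over`, so a rule referencing them matches only the traffic that exceeds the rate, and none of this commit's nine added lines references them yet, so they have no effect until a rule does. A one-line comment above each would keep a later rule from pairing them with an accepting verdict by mistake, for example `# matches packets ABOVE the rate; use as: limit name "lim_icmp" drop`. `lim_icmp` is byte-based at 50 mbytes/second, which caps bandwidth but still admits a very high rate of small ICMP/IGMP packets, so if the intent is flood protection a packet-rate limit may fit better; please confirm the intent. The table body continues outside the hunk, so any existing rules that would consume these limits are not visible here.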
