1 files changed, 29 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 100d9823..8421f78a 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -1,5 +1,34 @@
 define icmp_protos = { ipv6-icmp, icmp, igmp }
+table arp filter {
+  limit lim_arp_local {
+    rate over 50 mbytes/second burst 50 mbytes
+  }
+  limit lim_arp_dsl {
+    rate over 1400 kbytes/second burst 1400 kbytes
+  }
+  chain input {
+    type filter hook input priority filter
+    policy accept
+    oifname != dsl limit name lim_arp_local counter drop
+    oifname dsl limit name lim_arp_dsl counter drop
+    counter
+  }
+  chain output {
+    type filter hook output priority filter
+    policy accept
+    oifname != dsl limit name lim_arp_local counter drop
+    oifname dsl limit name lim_arp_dsl counter drop
+    counter
+  }
+}
 table inet filter {
  limit lim_reject {
    rate over 1000/second burst 1000 packets

diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index 100d9823..8421f78a 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft
@@ -1,5 +1,34 @@
1	define icmp_protos = { ipv6-icmp, icmp, igmp }	1	define icmp_protos = { ipv6-icmp, icmp, igmp }
2		2
		3	table arp filter {
		4	limit lim_arp_local {
		5	rate over 50 mbytes/second burst 50 mbytes
		6	}
		7	limit lim_arp_dsl {
		8	rate over 1400 kbytes/second burst 1400 kbytes
		9	}
		10
		11	chain input {
		12	type filter hook input priority filter
		13	policy accept
		14
		15	oifname != dsl limit name lim_arp_local counter drop
		16	oifname dsl limit name lim_arp_dsl counter drop
		17
		18	counter
		19	}
		20
		21	chain output {
		22	type filter hook output priority filter
		23	policy accept
		24
		25	oifname != dsl limit name lim_arp_local counter drop
		26	oifname dsl limit name lim_arp_dsl counter drop
		27
		28	counter
		29	}
		30	}
		31
3	table inet filter {	32	table inet filter {
4	limit lim_reject {	33	limit lim_reject {
5	rate over 1000/second burst 1000 packets	34	rate over 1000/second burst 1000 packets