summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hosts/vidhar/ruleset.nft10
1 files changed, 4 insertions, 6 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index ae3bb694..5263f97e 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -1,6 +1,6 @@
1table inet filter { 1table inet filter {
2 chain reject-rl { 2 limit lim_reject {
3 limit rate over 1000 / second burst 1000 packets counter drop 3 rate over 1000 / second burst 1000 packets
4 } 4 }
5 5
6 6
@@ -17,11 +17,10 @@ table inet filter {
17 meta l4proto igmp counter accept 17 meta l4proto igmp counter accept
18 18
19 19
20 limit name lim_reject log prefix "drop forward: " counter drop
20 log prefix "reject forward: " counter 21 log prefix "reject forward: " counter
21 jump reject-rl
22 meta l4proto tcp ct state new counter reject with tcp reset 22 meta l4proto tcp ct state new counter reject with tcp reset
23 ct state new counter reject 23 ct state new counter reject
24 counter
25 } 24 }
26 25
27 chain input { 26 chain input {
@@ -46,11 +45,10 @@ table inet filter {
46 meta l4proto igmp counter accept 45 meta l4proto igmp counter accept
47 46
48 47
48 limit name lim_reject log prefix "drop input: " counter drop
49 log prefix "reject input: " counter 49 log prefix "reject input: " counter
50 jump reject-rl
51 meta l4proto tcp ct state new counter reject with tcp reset 50 meta l4proto tcp ct state new counter reject with tcp reset
52 ct state new counter reject 51 ct state new counter reject
53 counter
54 } 52 }
55 53
56 chain output { 54 chain output {