diff options
Diffstat (limited to 'hosts/vidhar/ruleset.nft')
| -rw-r--r-- | hosts/vidhar/ruleset.nft | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft index 100d9823..8421f78a 100644 --- a/hosts/vidhar/ruleset.nft +++ b/hosts/vidhar/ruleset.nft | |||
| @@ -1,5 +1,34 @@ | |||
| 1 | define icmp_protos = { ipv6-icmp, icmp, igmp } | 1 | define icmp_protos = { ipv6-icmp, icmp, igmp } |
| 2 | 2 | ||
| 3 | table arp filter { | ||
| 4 | limit lim_arp_local { | ||
| 5 | rate over 50 mbytes/second burst 50 mbytes | ||
| 6 | } | ||
| 7 | limit lim_arp_dsl { | ||
| 8 | rate over 1400 kbytes/second burst 1400 kbytes | ||
| 9 | } | ||
| 10 | |||
| 11 | chain input { | ||
| 12 | type filter hook input priority filter | ||
| 13 | policy accept | ||
| 14 | |||
| 15 | oifname != dsl limit name lim_arp_local counter drop | ||
| 16 | oifname dsl limit name lim_arp_dsl counter drop | ||
| 17 | |||
| 18 | counter | ||
| 19 | } | ||
| 20 | |||
| 21 | chain output { | ||
| 22 | type filter hook output priority filter | ||
| 23 | policy accept | ||
| 24 | |||
| 25 | oifname != dsl limit name lim_arp_local counter drop | ||
| 26 | oifname dsl limit name lim_arp_dsl counter drop | ||
| 27 | |||
| 28 | counter | ||
| 29 | } | ||
| 30 | } | ||
| 31 | |||
| 3 | table inet filter { | 32 | table inet filter { |
| 4 | limit lim_reject { | 33 | limit lim_reject { |
| 5 | rate over 1000/second burst 1000 packets | 34 | rate over 1000/second burst 1000 packets |