From 58207bb276aec3e1c2acc7c6fcbb137b6c654f97 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 13 Dec 2021 21:07:41 +0100
Subject: surtr: nftables...
---
 hosts/surtr/ruleset.nft | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
(limited to 'hosts/surtr')
diff --git a/hosts/surtr/ruleset.nft b/hosts/surtr/ruleset.nft
index f353d855..0a6e75a6 100644
--- a/hosts/surtr/ruleset.nft
+++ b/hosts/surtr/ruleset.nft
@@ -1,19 +1,15 @@
 define icmp_protos = { ipv6-icmp, icmp, igmp }
 table arp filter {
- limit lim_arp_local {
+ limit lim_arp {
 rate over 50 mbytes/second burst 50 mbytes
 }
- limit lim_arp_dsl {
- rate over 1400 kbytes/second burst 1400 kbytes
- }
 chain input {
 type filter hook input priority filter
 policy accept
- iifname != dsl limit name lim_arp_local counter drop
- iifname dsl limit name lim_arp_dsl counter drop
+ limit name lim_arp counter drop
 counter
 }
@@ -22,8 +18,7 @@ table arp filter {
 type filter hook output priority filter
 policy accept
- oifname != dsl limit name lim_arp_local counter drop
- oifname dsl limit name lim_arp_dsl counter drop
+ limit name lim_arp counter drop
 counter
 }
--
cgit v1.2.3
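Review bot: The one remaining limit object, `lim_arp` in the first hunk, is referenced by `limit name lim_arp counter drop` in `chain input` and again in the output chain of the second hunk, and a named limit keeps a single state for every rule that references it. Inbound and outbound ARP on all interfaces therefore draw on one 50 mbytes/second budget, and a burst in one direction can cause drops in the other. With the interface match removed, ARP on `dsl` is no longer held to the former 1400 kbytes/second; if that link can carry ARP from an untrusted segment, the higher rate is unlikely to bound it in practice. Neither the subject line nor the ruleset records why the per-interface cap was dropped, so I would add a comment above the object such as `# single bucket shared by input and output on all interfaces; no separate dsl cap because <reason>`. The header of the output chain lies outside the second hunk, so this assumes it mirrors `chain input`.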