From 2e1de64766421a90588d6a7dc345ec556bb69bff Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Thu, 9 Dec 2021 09:57:54 +0100
Subject: vidhar: nftables...
---
 hosts/vidhar/ruleset.nft | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
(limited to 'hosts/vidhar/ruleset.nft')
diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index 100d9823..8421f78a 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -1,5 +1,34 @@
 define icmp_protos = { ipv6-icmp, icmp, igmp }
 
+table arp filter {
+ limit lim_arp_local {
+ rate over 50 mbytes/second burst 50 mbytes
+ }
+ limit lim_arp_dsl {
+ rate over 1400 kbytes/second burst 1400 kbytes
+ }
+
+ chain input {
+ type filter hook input priority filter
+ policy accept
+
+ oifname != dsl limit name lim_arp_local counter drop
+ oifname dsl limit name lim_arp_dsl counter drop
+
+ counter
+ }
+
+ chain output {
+ type filter hook output priority filter
+ policy accept
+
+ oifname != dsl limit name lim_arp_local counter drop
+ oifname dsl limit name lim_arp_dsl counter drop
+
+ counter
+ }
+}
+
 table inet filter {
 limit lim_reject {
 rate over 1000/second burst 1000 packets
-- 
cgit v1.2.3
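Review bot: The two rate-limit rules in the new `chain input` of `table arp filter` key on `oifname`, but a packet on the input hook has no output interface, so those rules can never match and the ARP limit is only enforced on the output side (nft may even refuse to load `oifname` in an input-hook chain). The input chain should classify by the ingress interface instead: `iifname != dsl limit name lim_arp_local counter drop` and `iifname dsl limit name lim_arp_dsl counter drop`. The `chain output` rules using `oifname` are fine as written. Separately, `lim_arp_local` at `50 mbytes/second` is so far above any plausible ARP volume that it looks like a no-op rather than a limit; if that is intended as "effectively unlimited", a short comment such as `# local side: limit is a safety net only` on the named limit would make that explicit. This is the whole of the added block, so no definition is cut by the hunk.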