From 1f3b17295865aec3eefeb0d8faece57eafe958a4 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 8 Dec 2021 21:46:34 +0100
Subject: vidhar: nftables: named reject limit

---
 hosts/vidhar/ruleset.nft | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'hosts')

diff --git a/hosts/vidhar/ruleset.nft b/hosts/vidhar/ruleset.nft
index ae3bb694..5263f97e 100644
--- a/hosts/vidhar/ruleset.nft
+++ b/hosts/vidhar/ruleset.nft
@@ -1,6 +1,6 @@
 table inet filter {
-  chain reject-rl {
-    limit rate over 1000 / second burst 1000 packets counter drop
+  limit lim_reject {
+    rate over 1000 / second burst 1000 packets
   }
@@ -17,11 +17,10 @@ table inet filter {
     meta l4proto igmp counter accept
+    limit name lim_reject log prefix "drop forward: " counter drop
     log prefix "reject forward: " counter
-    jump reject-rl
     meta l4proto tcp ct state new counter reject with tcp reset
     ct state new counter reject
-    counter
   }
   chain input {
@@ -46,11 +45,10 @@ table inet filter {
     meta l4proto igmp counter accept
+    limit name lim_reject log prefix "drop input: " counter drop
     log prefix "reject input: " counter
-    jump reject-rl
     meta l4proto tcp ct state new counter reject with tcp reset
     ct state new counter reject
-    counter
   }
   chain output {
-- 
cgit v1.2.3
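Review bot: The new rules `limit name lim_reject log prefix "drop forward: " counter drop` (second hunk) and `limit name lim_reject log prefix "drop input: " counter drop` (third hunk) attach a log action to the over-limit drop, so during exactly the flood the 1000/s limit is meant to absorb every excess packet now produces a log line, whereas the removed reject-rl chain dropped those packets silently. Unless that per-packet visibility is wanted, keep the over-limit drop unlogged, `limit name lim_reject counter drop`, in both chains, or give the log its own much smaller limit on a preceding rule so the counter keeps the totals and the log stays bounded. The trailing `counter` removed from both chains appears, from the visible lines, to have been the only accounting for packets that fall through both reject rules (non-new conntrack states); if that fall-through is meant to be impossible, a comment to that effect would help the next reader. The opening lines of both chains lie outside the hunks (`chain input {` is visible only as trailing context of the second hunk), so the rules preceding the igmp accept could not be checked here.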