On Thursday, 27 July 2017 22:59:59 CEST Perry Thompson wrote:
> Hello all,
>
> It may be way too early to ask this question, but I thought I might as
> well see if anyone has any information on it.
>
> Will the "recent" module or an option with a similar function be
> introduced into nftables in the future? Are there any plans to create
> something like this? It has always been a very good tool for keeping
> bad IPs from touching my system.

I think flow tables might fit the bill.

https://wiki.nftables.org/wiki-nftables/index.php/Flow_tables

I use them for filtering out SSH connection attempts, by allowing 3 SYN packets per minute.

tcp dport ssh ct state new flow table ssh { iif . ip saddr . tcp dport timeout 1h limit rate 3/minute} accept

Cheers
Martin.
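
The rule from the message above, placed in a complete input chain, as an added example that is not part of the original post. The table name, chain name and surrounding rules are assumptions; the point is that the flow table rule only accepts packets under the rate, so something after it has to drop the rest.

```nft
#!/usr/sbin/nft -f
# Added example. Table and chain names ("filter", "input") are assumptions.

table ip filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and replies to existing connections are not rate limited.
        iif lo accept
        ct state established,related accept

        # Rule from the message: one flow table entry per
        # (input interface, source address, destination port).
        # Each entry has its own 3/minute limit and expires after 1h idle.
        # Only packets that are under the limit match and get accepted.
        tcp dport ssh ct state new flow table ssh { iif . ip saddr . tcp dport timeout 1h limit rate 3/minute } accept

        # New SSH connections over the limit fall through to here.
        # The counter makes the rejected attempts visible in "nft list ruleset".
        tcp dport ssh ct state new counter drop
    }
}
```

Load it with `nft -f <file>`. From nftables 0.8.1 on, flow tables are called meters.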