Yes, the rules in filter table does work at all. ------------------------------------------------------------------ From:Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Time:2018 Apr 27 (Fri) 16:09 To: Rosysong <rosysong@xxxxxxxxxxxx> Cc:netfilter-devel <netfilter-devel@xxxxxxxxxxxxxxx>; netfilter <netfilter@xxxxxxxxxxxxxxx> Subject:Re: How to use limit rate on ip address through nft command ? On Fri, Apr 27, 2018 at 03:51:05PM +0800, Rosysong wrote: [...] > # create a table named filter > nft add table filter > > # add chain for input(download) and output(upload) hook > nft add chain filter input { type filter hook input priority 0\;} > nft add chain filter output { type filter hook output priority 0\;} > > nft add rule filter input ip daddr 192.168.0.104 limit rate 512bytes/second accept > nft add rule filter output ip saddr 192.168.0.104 limit rate 512bytes/second accept > > Is there any problem with my nftables commands ? Any hits will be appreciated, thanks!!! What do you mean with "fails"? When adding the rule or you observe this doesn't work for you, ie. not ratelimiting as you expect? Thanks.��.n��������+%������w��{.n����z���)��jg��������ݢj����G�������j:+v���w�m������w�������h�����٥