There's some info on how to limit connections using nft here[1]. We can find there, for instance, the following rule:

    nft add rule ip filter INPUT tcp dport 80 meter http1 { tcp dport . ip saddr limit rate over 200/second } counter drop

I was able to rewrite the rule to the following form:

    nft add rule ip filter INPUT tcp dport 80 meter http1 { tcp dport . ip saddr } limit rate over 200/second counter drop

Is there any difference between the two? It looks like they do the same thing.

[1] https://wiki.nftables.org/wiki-nftables/index.php/Meters