Mikhail Morfikov <mmorfikov@xxxxxxxxx> wrote:
> nft add rule ip filter INPUT tcp dport 80 meter http1 { tcp dport . ip saddr limit rate over 200/second } counter drop
This limits each dport : ip saddr combination to 200 packets per second.
This doesn't make a lot of sense to me.
Also, why include "tcp dport" inside the {} ?
The rule only matches port 80 anyway.
> I was able to rewrite the rule to the following form:
>
> nft add rule ip filter INPUT tcp dport 80 meter http1 { tcp dport . ip saddr } limit rate over 200/second counter drop
Hmm, that looks like a bug. I'm not sure how this can work, or what it
should do. The closing } comes too soon, the meter misses the
expression to instantiate.
I guess you're looking for "ct count"?
add rule ip filter INPUT tcp dport 80 ct state new meter http1 { ip saddr ct count over 100 } counter drop
