On 28/09/2020 18.08, Pablo Neira Ayuso wrote:
> Something like this:
>
> table ip x {
>         set flood2 {
>                 type ipv4_addr
>                 size 100000
>                 flags dynamic,timeout
>                 timeout 1m
>                 elements = { 150.214.188.80 expires 54s752ms limit rate 1/minute burst 1 packets }
>         }
>
>         chain output {
>                 type filter hook output priority filter; policy drop;
>                 ct state new tcp dport 80 add @flood2 { ip daddr limit rate 1/minute burst 1 packets } log prefix "test: " accept
>                 ct state established,related accept
>         }
> }
>
> Only one stateful expression is supported at this stage, either you have
> ratelimit or you have counters per elements.

Thank you; I see how the set syntax works now. How do I get the behavior like in the wiki, which uses maps?