On Mon, Sep 28, 2020 at 06:12:21PM +0200, Devin Bayer wrote:
> On 28/09/2020 18.08, Pablo Neira Ayuso wrote:
> >
> > Something like this:
> >
> > table ip x {
> > set flood2 {
> > type ipv4_addr
> > size 100000
> > flags dynamic,timeout
> > timeout 1m
> > elements = { 150.214.188.80 expires 54s752ms limit rate 1/minute burst 1 packets }
> > }
> >
> > chain output {
> > type filter hook output priority filter; policy drop;
> > ct state new tcp dport 80 add @flood2 { ip daddr limit rate 1/minute burst 1 packets } log prefix "test: " accept
> > ct state established,related accept
> > }
> > }
> >
> > Only one stateful expression is supported a this stage, either you
> > have ratelimit or you have counters per elements.
>
> Thank you; I see how the set syntax works now.
>
> How do I get the behavior like in the wiki, which uses maps?
What example are you referring to?
