[nftables] icmp type rate limiting - cumulative for the daddr or selectively per saddr?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

https://wiki.nftables.org/wiki-nftables/index.php/Rate_limiting_matchings is not clear whether the 'limit rate' stanza applies as:
* cummulutive limit (from any/all saddr) for the daddr within the given period 

or

* assumes/implies limit selectively for each saddr within the given period

If it is a cummulutive limit how to go about a limit per saddr? For example:

icmpv6 type 128 ip6 saddr limit rate over 15/second burst 3 packets drop

or

icmpv6 type 128 { ip6 saddr limit rate over 15/second burst 3 packets } drop

producing:

Error: syntax error, unexpected saddr, expecting comma or '}'
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux