On Tue, Sep 29, 2020 at 01:39:00PM +0000, ѽ҉ᶬḳ℠ wrote: > https://wiki.nftables.org/wiki-nftables/index.php/Rate_limiting_matchings is > not clear whether the 'limit rate' stanza applies as: > > * cummulutive limit (from any/all saddr) for the daddr within the given > period > > or > > * assumes/implies limit selectively for each saddr within the given period > > If it is a cummulutive limit how to go about a limit per saddr? For example: > > icmpv6 type 128 ip6 saddr limit rate over 15/second burst 3 packets drop > > or > > icmpv6 type 128 { ip6 saddr limit rate over 15/second burst 3 packets } drop This syntax is not correct. Yesterday, you posted an example to combine limit rate with dynamic sets which might be what you need. Additionally, if you know how to use iptables, please have a look at iptables -m limit, it's equivalent.
