Re: [nftables] icmp type rate limiting - cumulative for the daddr or selectively per saddr?


On 29/09/2020 16:46, Florian Westphal wrote:
> ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
>> https://wiki.nftables.org/wiki-nftables/index.php/Rate_limiting_matchings is
>> not clear whether the 'limit rate' stanza applies as:
>>
>> * cumulative limit (from any/all saddr) for the daddr within the given
>> period
>
> It's always the same, limit has no internal state other than the rate
> bucket.
>
> In all these examples the limit applies for every packet that makes
> it to the limit expression.
>
> So, f.e.:
> nft add rule filter input icmp type echo-request limit rate 10/second accept
>
> applies the limit to each icmp echo request.

Thank you for the clarification.
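
For contrast with the single shared bucket described in the reply above, here is an added example (not part of the original thread) of a per-source limit built with a dynamic set, which keeps one rate bucket per `ip saddr`. The set name `icmp_per_src`, its timeout and size, and the chain policy are assumptions; the table and chain names follow the command quoted in the thread.

```nft
# Added example, loadable with: nft -f <file>
table ip filter {
    # Hypothetical set: one element, and therefore one rate bucket,
    # per source address. Idle entries expire after one minute, and
    # "size" caps memory use when many sources appear at once.
    set icmp_per_src {
        type ipv4_addr
        flags dynamic
        timeout 1m
        size 65536
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Rule from the thread, shown for comparison: one bucket shared
        # by every sender, so a single noisy source can use up the whole
        # 10/second allowance for everyone else.
        # icmp type echo-request limit rate 10/second accept

        # Per-source variant: each saddr gets its own 10/second bucket.
        # "update" also refreshes the element timeout while a source
        # stays active.
        icmp type echo-request update @icmp_per_src { ip saddr limit rate 10/second } accept

        # Echo requests over their source's limit, or arriving while the
        # set is full, did not match the rule above and are dropped here.
        icmp type echo-request drop
    }
}
```

`nft list set ip filter icmp_per_src` shows which source addresses currently hold a bucket.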




