Hi,

On Thu, Jul 22, 2021 at 04:57:37PM -0300, pauloric@xxxxxxxxxxxxxxxx wrote:
> Hi
>
> Near CONNTRACK EXPRESSIONS at manual I think that should be good to insert something like:
>
> ct {state | direction | status | mark | expiration | helper | label}
> ....
> ct count [over] <------->
>
> and just a little below it has already an example of it.
> ...
> filter input tcp dport 22 meter test { ip saddr ct count over 2 } reject
>
> Maybe an include at Table 55. Conntrack expressions too ??? <----

Since 0.9.7, manpage contains a reference to 'ct count'.

There is also an example usage:

restrict the number of parallel connections to a server.

    nft add set filter ssh_flood '{ type ipv4_addr; flags dynamic; }'
    nft add rule filter input tcp dport 22 add @ssh_flood '{ ip saddr ct count over 2 }' reject

> Could it be inserted at https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Ct ???

Updated. Thanks