I think that I find the 'error'. Quota follows same rules that limit? https://wiki.nftables.org/wiki-nftables/index.php/Rate_limiting_matchings If it's correct it should be good to alert users that ares reading https://wiki.nftables.org/wiki-nftables/index.php/Quotas that Quotas follow same rules that limit.... 80) best regards ----- Mensagem original ----- De: "pauloric" <pauloric@xxxxxxxxxxxxxxxx> Para: "netfilter" <netfilter@xxxxxxxxxxxxxxx> Cc: "pauloric" <pauloric@xxxxxxxxxxxxxxxx> Enviadas: Quinta-feira, 12 de agosto de 2021 10:01:34 Assunto: nftables - quota isn't working? Hi all Reading https://wiki.nftables.org/wiki-nftables/index.php/Quotas I have been testing quota but I have a doubt. a) If I use this rule below , quota reaches its value, but download continues. insert rule inet filter FORWARD ip daddr 192.168.10.11 quota until 2 mbytes counter accept comment "paulo-quota" nft list ruleset | grep 'paulo-quota' ip daddr 192.168.10.11 quota 2 mbytes used 2 mbytes counter packets 1074 bytes 2094663 accept comment "paulo-quota" b) But if I invert logic, download stops. insert rule inet filter FORWARD ip daddr 192.168.10.11 quota over 2 mbytes counter drop comment "paulo-quota" debian-10.10.0-amd64-netinst.iso https://gemmei.ftp.acc.umu.se/debian-cd/current/amd64/iso-cd/debian-10.10.0-amd64-netinst.iso 0 B/s - 22,9 MB de 336 MB Should a) have the same result as b) ? Ubuntu 20.04.2 5.4.0-47-generic #51-Ubuntu SMP nftables 0.9.3-2 Thanks in advanced -- Paulo Ricardo Bruck consultor -- Pau lo Ricardo Bruck consultor tel 011 3596-4881 011 cel 98140-9184(TIM/Whats) [ http://www.contatogs.com.br/ | http ] [ http://www.contatogs.com.br/ | s://www.contatoglobal.com.br ] Domou arigatou gozaimasu
