Martin Zaharinov <micron10@xxxxxxxxx> wrote: > Hi Florian > > Look good this config but not work after set user not limit by speed. Works for me. Before: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 5.09 GBytes 4.37 Gbits/sec 0 sender [ 5] 0.00-10.00 sec 5.08 GBytes 4.36 Gbits/sec receiver After: [ 5] 0.00-10.00 sec 62.9 MBytes 52.7 Mbits/sec 0 sender [ 5] 0.00-10.00 sec 59.8 MBytes 50.1 Mbits/sec receiver > table inet nft-qos-static { > set limit_ul { > typeof ip saddr > flags dynamic > elements = { 10.0.0.1 limit rate over 5 mbytes/second burst 6000 kbytes, 10.0.0.254 limit rate over 12 mbytes/second burst 6000 kbytes } > } > set limit_dl { > typeof ip saddr > flags dynamic > elements = { 10.0.0.1 limit rate over 5 mbytes/second burst 6000 kbytes, 10.0.0.254 limit rate over 12 mbytes/second burst 6000 kbytes } > } > > chain upload { > type filter hook postrouting priority filter; policy accept; > ip saddr @limit_ul drop > } > chain download { > type filter hook prerouting priority filter; policy accept; > ip saddr @limit_dl drop > } daddr? > With this config user with ip 10.0.0.1 not limited to 5 mbytes , > When back to this config : > > table inet nft-qos-static { > chain upload { > type filter hook postrouting priority filter; policy accept; > ip saddr 10.0.0.1 limit rate over 5 mbytes/second burst 6000 kbytes drop > } > > chain download { > type filter hook prerouting priority filter; policy accept; > ip daddr 10.0.0.1 limit rate over 5 mbytes/second burst 6000 kbytes drop ~~~~~