On 2022-09-08 11:13, Pablo Neira Ayuso wrote:
You removed the limit line in the set declaration?
Yes, after I failed to get the right syntax to combine it with the ICMP type.
If you would like to throttle icmpv6 echo-request, then:

    table ip6 filter {
        set ping6 {
            typeof ip6 daddr . icmpv6 type
            limit rate 5/second
            elements = { aaaa:43:a:83::2 . echo-request,
                         aaaa:43:a:83::3 . echo-request,
                         aaaa:43:a:83::4 . echo-request }
        }

        chain input {
            type filter hook input priority filter; policy drop;
            ip6 daddr . icmpv6 type @ping6 accept
        }
    }

Thanks. I wouldn't have found that syntax in a quintillion years.
Please, see the wiki for more examples on concatenations and sets/maps.
I've gone through it. As someone who's been programming and configuring computers for over forty years, I can tell you that the wiki documentation is not good. It seems to be written by and for nft developers.