Re: nftables rate limiting per multiple seconds

On Wed, 6 Mar 2024 22:11:49 +0000
Sreedhar M <sreemtech@xxxxxxxxx> wrote:

> Hello Team
> 
> I am currently working on configuring rate limiting rules with nft and
> have encountered a challenge. ex: I would appreciate your guidance in
> achieving a rate limit of 10 ICMP echo-request packets within a
> 10-second interval.
> 
> Here is an example rule
> example : nft add rule filter input icmp type echo-request limit rate
> over 10/second drop
> 
> I understand that nft doesn't directly support specifying rates in the
> format "10/10 seconds," and I'm seeking advice on how to adjust the
> parameters to achieve the desired rate limiting behaviour.
> 
> Your assistance on this matter would be greatly appreciated.

"1/second burst 10 packets" should be close enough. The bucket will be initialised with 10 tokens and refilled at a rate of 1 per second.

-- 
Kerin Millar
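
A simplified model of the token bucket described in the reply, added here as an example; it is not part of the original thread and is not nftables code. The names `simulate` and `max_in_window` are hypothetical, the traffic patterns are constructed, and the model assumes one token per packet. It goes slightly beyond the reply by measuring how many packets pass in any 10-second window.

```python
# Simplified model (an assumption, not nftables source) of the bucket described
# above for "1/second burst 10 packets": starts full, refills at `rate` tokens
# per second, capped at `burst`; each accepted packet costs one token.
# Integer milli-tokens and millisecond timestamps keep the arithmetic exact.

def simulate(arrivals_ms, rate=1, burst=10):
    """Return the arrival times (ms) that the limit lets through."""
    cap = burst * 1000
    tokens = cap                      # bucket is initialised full
    last = None
    accepted = []
    for t in arrivals_ms:
        if last is not None:
            tokens = min(cap, tokens + (t - last) * rate)  # refill, capped
        last = t
        if tokens >= 1000:            # a whole token is available
            tokens -= 1000
            accepted.append(t)
        # else: packet is over the limit (the rule in the question drops it)
    return accepted

def max_in_window(times_ms, window_ms=10_000):
    """Largest number of accepted packets inside any sliding window."""
    best = start = 0
    for end, t in enumerate(times_ms):
        while t - times_ms[start] >= window_ms:
            start += 1
        best = max(best, end - start + 1)
    return best

# Constructed traffic patterns (timestamps in milliseconds).
FLOOD = list(range(0, 30_000, 10))        # 100 echo-requests per second, 30 s
NORMAL = list(range(0, 30_000, 1000))     # one echo-request per second, 30 s
BURSTS = [0] * 15 + [60_000] * 15         # two bursts of 15, one minute apart

if __name__ == "__main__":
    for name, pattern in (("flood", FLOOD), ("normal", NORMAL), ("bursts", BURSTS)):
        ok = simulate(pattern)
        print(f"{name}: {len(ok)}/{len(pattern)} accepted, "
              f"max {max_in_window(ok)} in any 10 s")
```

In this model a sustained flood passes 19 packets in the first 10 seconds (the initial 10 tokens plus the refill) and 10 per 10 seconds after that, while a normal one-per-second ping is never dropped.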



