Great Kerin. Good to know the optional. Thanks again.

Best Regards
Sreedhar

On Fri, Mar 8, 2024 at 10:34 AM Kerin Millar <kfm@xxxxxxxxxxxxx> wrote:
>
> On Fri, 8 Mar 2024, at 10:19 AM, Sreedhar M wrote:
> > Great Kerin. Thank you so much for the support.
> >
> > With the below rules, especially using 'add', all my use cases are working.
> > nft add set ip filter myrate { type ipv4_addr . inet_service; flags
> > timeout ; flags dynamic; timeout 10s; }
> > nft add rule ip filter INPUT tcp dport 7880 ct state new add @myrate {
> > ip saddr . th dport limit rate over 1/day burst 15 packets } counter
> > drop
>
> One more thing occurs to me. Now that you are using "add" and, given that "1/day" might otherwise appear confusing in the course of reviewing a ruleset, you could probably get away with changing the element template to:
>
> { ip saddr . th dport limit rate over 6/minute burst 15 packets }
>
> Consider it optional; the behaviour should not change at all. Still, it does, perhaps, better hint at the underlying policy, i.e., something should happen after 10 (60/6) seconds. Normally, that would be the bucket being credited with a token, but it is my understanding that the timeout policy should prevail.
>
> --
> Kerin Millar

--
Best Regards
Sreedhar
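The two `nft add` commands from the thread, rewritten here as a declarative nft script (added example, not posted by either participant) using Kerin's optional 6/minute element template, with a syntax check via `nft -c`. It assumes the `ip filter` table and `INPUT` chain are created by this script (hook input, policy accept) and that `/tmp/myrate.nft` is an acceptable scratch path; adjust both if the table already exists on the host.

```shell
#!/bin/sh
# Added example (not from the thread): the ruleset discussed above as an nft
# script suitable for "nft -f" or /etc/nftables.conf.
# Assumption: table "ip filter" and chain "INPUT" are defined here; if your
# host already has them (e.g. via iptables-nft), drop the chain definition.
set -eu

RULESET_FILE="${RULESET_FILE:-/tmp/myrate.nft}"   # constructed scratch path

write_ruleset() {
    cat > "$RULESET_FILE" <<'EOF'
#!/usr/sbin/nft -f
# Per-(source address, destination port) cap on new TCP connections to 7880.
# An element is created on first sight ("add", not "update", so its timer is
# not refreshed) and expires after 10s. A 6/minute rate would only credit a
# token at the 10s mark, so the element timeout is what actually resets the
# budget: 15 new connections per 10s window per source, then drop.
table ip filter {
    set myrate {
        type ipv4_addr . inet_service
        flags dynamic,timeout
        timeout 10s
    }
    chain INPUT {
        type filter hook input priority 0; policy accept;
        tcp dport 7880 ct state new add @myrate { ip saddr . th dport limit rate over 6/minute burst 15 packets } counter drop
    }
}
EOF
}

# Parse-check the generated script without loading it, when nft is present.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$RULESET_FILE"
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

# Number of rate-limit rules in the generated file (used for verification).
count_rate_rules() {
    grep -c 'limit rate over 6/minute burst 15 packets' "$RULESET_FILE"
}

write_ruleset
check_ruleset
```

After loading with `nft -f "$RULESET_FILE"`, `nft list set ip filter myrate` shows the live (saddr . dport) elements with their remaining timeouts, and `nft list chain ip filter INPUT` shows the drop counter climbing for sources that exceed the burst.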