Slavko <linux@xxxxxxxxxx> wrote:
> with nft v1.0.6 and kernel 5.10.226 i want to limit logging count
> by IP. I setup set:
>
>     set log_base4 {
>         typeof ip saddr
>         size 1000
>         flags dynamic,timeout
>         limit rate 1/minute burst 2 packets
>         timeout 1h
>         comment "IPv4 base log limit"
>     }
>
> It is then used in chain:
>
>     chain input {
>         type filter hook input priority filter + 5; policy accept;
>         ...
>         update @log_base4 { ip saddr } log group 0
>     }
>
> I see, that set is filled/updated by particular IP:
>
>     elements = { X.Y.Z.W timeout 1h expires 59m59s360ms }
>
> But i see 15 lines per minute (it sends packet every 4 sec) for that
> IP. I expect max 2 lines per minute...
>
> Please what i did wrong?

Looks like 5.10 is too old, listing should show limit expression
was attached, i.e.:

    elements = { x.y.z.w limit rate 1/minute burst 2 packets timeout 1h expires 59m55s504ms, ...
    ...

(this is with 6.11.5 and your rules above).
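
The check the reply describes (does each listed element carry the limit expression?), as an added example that is not part of the original thread. The sample listings and addresses are constructed, the function names are hypothetical, and the parser assumes a plain single-key set like log_base4.

```python
import re
# Constructed listings modelled on the thread's two outputs; addresses are placeholders.
LISTING_OLD = """\
set log_base4 {
    typeof ip saddr
    size 1000
    flags dynamic,timeout
    limit rate 1/minute burst 2 packets
    timeout 1h
    comment "IPv4 base log limit"
    elements = { 192.0.2.10 timeout 1h expires 59m59s360ms,
                 192.0.2.11 timeout 1h expires 12m3s }
}
"""
LISTING_NEW = LISTING_OLD.replace(
    " timeout 1h expires", " limit rate 1/minute burst 2 packets timeout 1h expires")

LIMIT = re.compile(r"\blimit rate\b")


def split_listing(listing):
    """Return (declaration_text, [element strings]) for one listed set."""
    text = re.sub(r'"[^"]*"', '""', listing)  # blank out comment strings
    m = re.search(r"elements\s*=\s*\{(.*?)\}", text, re.S)
    if not m:
        return text, []
    elements = [e.strip() for e in m.group(1).split(",") if e.strip()]
    return text[:m.start()] + text[m.end():], elements


def elements_missing_limit(listing):
    """Keys of elements listed without a limit expression attached."""
    _, elements = split_listing(listing)
    return [e.split()[0] for e in elements if not LIMIT.search(e)]


def limit_status(listing):
    """Classify one set: is the declared limit actually attached per element?"""
    decl, elements = split_listing(listing)
    if not LIMIT.search(decl):
        return "no-limit-declared"
    if not elements:
        return "no-elements"
    return "not-attached" if elements_missing_limit(listing) else "attached"


if __name__ == "__main__":
    for name, listing in (("old", LISTING_OLD), ("new", LISTING_NEW)):
        print(name, limit_status(listing), elements_missing_limit(listing))
```

Feed it the text printed by `nft list set` for the set in question; a "not-attached" result means the per-address rate limit is declared but not being applied, so every matching packet is logged.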