authorFlorian Westphal <fw@strlen.de>2018-05-09 00:23:25 +0200
committerFlorian Westphal <fw@strlen.de>2018-05-09 00:23:25 +0200
commit1eadd73e30deab778ddfc26e9222a4d23bedb140 (patch)
tree3401548af0480cfdd32d219ef2f0b915301c1f9c /doc/nft.xml
parent087cb9b89a446c7525a9ff4ab4c99cf25a18b0dc (diff)
doc: add size keyword to meter example
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'doc/nft.xml')
-rw-r--r--doc/nft.xml2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/nft.xml b/doc/nft.xml
index e11ad8d5..60691580 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -5467,7 +5467,7 @@ dup to ip daddr map { 192.168.7.1 : "eth0", 192.168.7.2 : "eth1" }
# add source ip addresses to the blacklist if more than 10 tcp connection requests occurred per second and ip address.
# entries will timeout after one minute, after which they might be re-added if limit condition persists.
- nft add rule ip filter input tcp flags syn tcp dport ssh meter flood { ip saddr timeout 10s limit rate over 10/second} add @blackhole { ip saddr timeout 1m } drop
+ nft add rule ip filter input tcp flags syn tcp dport ssh meter flood size 128000 { ip saddr timeout 10s limit rate over 10/second} add @blackhole { ip saddr timeout 1m } drop
# inspect state of the rate limit meter:
nft list meter ip filter flood