summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2020-12-17 12:36:38 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2020-12-18 12:38:38 +0100
commit285baccfea46aa61e4ed4777da23105ccf19218b (patch)
treeaf722b8abe89bfa02e9c7561623183c741ffdb70 /doc
parente6d1d0d6119585a5cd63fcc02c0eb98e30b095cb (diff)
src: disallow burst 0 in ratelimits
The ratelimiter in nftables is similar to the one in iptables, and iptables disallows a zero burst. Update the byte rate limiter not to print burst 5 (default value). Update tests/py payloads to print burst 5 instead of zero when the burst is unspecified. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/statements.txt3
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/statements.txt b/doc/statements.txt
index beebba16..aac7c7d6 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -324,7 +324,8 @@ ____
A limit statement matches at a limited rate using a token bucket filter. A rule
using this statement will match until this limit is reached. It can be used in
combination with the log statement to give limited logging. The optional
-*over* keyword makes it match over the specified rate.
+*over* keyword makes it match over the specified rate. Default *burst* is 5.
+if you specify *burst*, it must be non-zero value.
.limit statement values
[options="header"]