1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
#!/bin/bash RULESET="table x { set y { type ipv4_addr size 65535 flags dynamic,timeout timeout 1h } chain z { type filter hook output priority 0; update @y { ip daddr limit rate 1/second counter } } }" set -e $NFT -f - <<< $RULESET