blob: 52d1bf64b686638d69ee858e9c3ba81ea3471a53 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
table inet x {
counter user123 {
packets 12 bytes 1433
}
counter user321 {
packets 0 bytes 0
}
quota user123 {
over 2000 bytes
}
quota user124 {
over 2000 bytes
}
synproxy https-synproxy {
mss 1460
wscale 7
timestamp sack-perm
}
synproxy other-synproxy {
mss 1460
wscale 5
}
set y {
type ipv4_addr
}
map test {
type ipv4_addr : quota
elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" }
}
map test2 {
type ipv4_addr : synproxy
flags interval
elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
}
chain y {
type filter hook input priority filter; policy accept;
counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" }
synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
quota name ip saddr map @test drop
}
}
|