iptables-translate -A INPUT -m connlimit --connlimit-above 2 nft add set ip filter connlimit0 { type ipv4_addr; flags dynamic; } nft add rule ip filter INPUT add @connlimit0 { ip saddr ct count over 2 } counter iptables-translate -A INPUT -m connlimit --connlimit-upto 2 nft add set ip filter connlimit0 { type ipv4_addr; flags dynamic; } nft add rule ip filter INPUT add @connlimit0 { ip saddr ct count 2 } counter iptables-translate -A INPUT -m connlimit --connlimit-upto 2 --connlimit-mask 24 nft add set ip filter connlimit0 { type ipv4_addr; flags dynamic; } nft add rule ip filter INPUT add @connlimit0 { ip saddr and 255.255.255.0 ct count 2 } counter iptables-translate -A INPUT -m connlimit --connlimit-upto 2 --connlimit-daddr nft add set ip filter connlimit0 { type ipv4_addr; flags dynamic; } nft add rule ip filter INPUT add @connlimit0 { ip daddr ct count 2 } counter