summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_connlimit.txlate
blob: 758868c4436c1119ae59715e51f4ae441d3b7c5f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
iptables-translate -A INPUT -m connlimit --connlimit-above 2
nft add set ip filter connlimit0 { type ipv4_addr; flags dynamic; }
nft add rule ip filter INPUT add @connlimit0 { ip saddr ct count over 2 } counter

iptables-translate -A INPUT -m connlimit --connlimit-upto 2
nft add set ip filter connlimit0 { type ipv4_addr; flags dynamic; }
nft add rule ip filter INPUT add @connlimit0 { ip saddr ct count 2 } counter

iptables-translate -A INPUT -m connlimit --connlimit-upto 2 --connlimit-mask 24
nft add set ip filter connlimit0 { type ipv4_addr; flags dynamic; }
nft add rule ip filter INPUT add @connlimit0 { ip saddr and 255.255.255.0 ct count 2 } counter

iptables-translate -A INPUT -m connlimit --connlimit-upto 2 --connlimit-daddr
nft add set ip filter connlimit0 { type ipv4_addr; flags dynamic; }
nft add rule ip filter INPUT add @connlimit0 { ip daddr ct count 2 } counter