blob: 3108a529fdb5a5c27d487c2e9b3588a62d5fb2de (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
iptables-translate -A INPUT -m connlimit --connlimit-above 2
nft 'add set ip filter connlimit0 { type ipv4_addr; flags dynamic; }'
nft 'add rule ip filter INPUT add @connlimit0 { ip saddr ct count over 2 } counter'
iptables-translate -A INPUT -m connlimit --connlimit-upto 2
nft 'add set ip filter connlimit0 { type ipv4_addr; flags dynamic; }'
nft 'add rule ip filter INPUT add @connlimit0 { ip saddr ct count 2 } counter'
iptables-translate -A INPUT -m connlimit --connlimit-upto 2 --connlimit-mask 24
nft 'add set ip filter connlimit0 { type ipv4_addr; flags dynamic; }'
nft 'add rule ip filter INPUT add @connlimit0 { ip saddr and 255.255.255.0 ct count 2 } counter'
iptables-translate -A INPUT -m connlimit --connlimit-upto 2 --connlimit-daddr
nft 'add set ip filter connlimit0 { type ipv4_addr; flags dynamic; }'
nft 'add rule ip filter INPUT add @connlimit0 { ip daddr ct count 2 } counter'
|
