summaryrefslogtreecommitdiffstats
path: root/doc/payload-expression.txt
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2018-12-01 17:54:03 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-12-01 18:03:43 +0100
commitfe573574fcb2605bc9011c621f44654707180765 (patch)
treef025d89e1b0f8be079859774b0f0f0354fecd77d /doc/payload-expression.txt
parentbe79e9c3467b324216688047c81315f0d3e51d24 (diff)
doc: nft: document ct count
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/payload-expression.txt')
-rw-r--r--doc/payload-expression.txt8
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index a2284ce8..eb98e5d7 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -619,5 +619,13 @@ integer (64 bit)
|zone|
conntrack zone |
integer (16 bit)
+|count|
+count number of connections
+integer (32 bit)
|==========================================
A description of conntrack-specific types listed above can be found sub-section CONNTRACK TYPES above.
+
+.restrict the number of parallel connections to a server
+--------------------
+filter input tcp dport 22 meter test { ip saddr ct count over 2 } reject
+--------------------