author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-17 12:36:38 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-18 12:38:38 +0100 |
commit | 285baccfea46aa61e4ed4777da23105ccf19218b (patch) | |
tree | af722b8abe89bfa02e9c7561623183c741ffdb70 /doc/statements.txt | |
parent | e6d1d0d6119585a5cd63fcc02c0eb98e30b095cb (diff) |
src: disallow burst 0 in ratelimits
The ratelimiter in nftables is similar to the one in iptables, and
iptables disallows a zero burst.
Update the byte rate limiter not to print burst 5 (default value).
Update tests/py payloads to print burst 5 instead of zero when the
burst is unspecified.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/statements.txt')
-rw-r--r-- | doc/statements.txt | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/statements.txt b/doc/statements.txt index beebba16..aac7c7d6 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -324,7 +324,8 @@ ____ A limit statement matches at a limited rate using a token bucket filter. A rule using this statement will match until this limit is reached. It can be used in combination with the log statement to give limited logging. The optional -*over* keyword makes it match over the specified rate. +*over* keyword makes it match over the specified rate. Default *burst* is 5. +if you specify *burst*, it must be non-zero value. .limit statement values [options="header"] |
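Review bot: The added sentence "Default *burst* is 5." gives no unit, while the commit message singles out the byte rate limiter as a separate case, so a reader cannot tell from this text what the 5 counts. Please state the unit and whether the same default applies to byte-based limits. The second added line, "+if you specify *burst*, it must be non-zero value.", also starts the sentence in lowercase and drops an article; suggest "If you specify *burst*, it must be a non-zero value." Since the commit disallows burst 0, it would help to say here that a zero burst is rejected, so users upgrading with an explicit "burst 0" in a ruleset know to expect the failure.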