diff options
author | Simon Ruderich <simon@ruderich.org> | 2021-03-07 10:51:36 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-03-09 02:41:59 +0100 |
commit | 68d5edd4d31e54b6add6d2af5b8baa0c0724a4dd (patch) | |
tree | 6a98326b9080e17761d8bc91a23d7f0d170fb370 /doc/statements.txt | |
parent | 95141d17efe22e66aca85e0cc53a5a6d6bc1f3cd (diff) |
doc: move drop rule on a separate line in blackhole example
At first I overlooked the "drop". Putting it on a separate line makes it
more visible and also details the separate steps of this rule.
Signed-off-by: Simon Ruderich <simon@ruderich.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/statements.txt')
-rw-r--r-- | doc/statements.txt | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/statements.txt b/doc/statements.txt index 7bb538a9..0973e5ef 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -712,7 +712,8 @@ nft add rule ip filter input ip saddr @blackhole counter drop # requests occurred per second and ip address. nft add rule ip filter input tcp flags syn tcp dport ssh \ add @flood { ip saddr limit rate over 10/second } \ - add @blackhole { ip saddr } drop + add @blackhole { ip saddr } \ + drop # inspect state of the sets. nft list set ip filter flood |