diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-12-01 17:54:03 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-12-01 18:03:43 +0100 |
commit | fe573574fcb2605bc9011c621f44654707180765 (patch) | |
tree | f025d89e1b0f8be079859774b0f0f0354fecd77d /doc | |
parent | be79e9c3467b324216688047c81315f0d3e51d24 (diff) |
doc: nft: document ct count
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/payload-expression.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index a2284ce8..eb98e5d7 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -619,5 +619,13 @@ integer (64 bit) |zone| conntrack zone | integer (16 bit) +|count| +count number of connections +integer (32 bit) |========================================== A description of conntrack-specific types listed above can be found sub-section CONNTRACK TYPES above. + +.restrict the number of parallel connections to a server +-------------------- +filter input tcp dport 22 meter test { ip saddr ct count over 2 } reject +-------------------- |