Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: py: update quota and payload | Pablo Neira Ayuso | 2016-12-14 | 1 | -13/+13 |
| | | | | | | Include new consumed field for quota, and check for csum_flags in payload. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | src: add quota statement | Pablo Neira Ayuso | 2016-08-29 | 1 | -0/+52 |
This new statement is stateful, so it can be used from flow tables, eg. # nft add rule filter input \ flow table http { ip saddr timeout 60s quota over 50 mbytes } drop This basically sets a quota per source IP address of 50 mbytes after which packets are dropped. Note that the timeout releases the entry if no traffic is seen from this IP after 60 seconds. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |