From fe573574fcb2605bc9011c621f44654707180765 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 1 Dec 2018 17:54:03 +0100 Subject: doc: nft: document ct count Signed-off-by: Pablo Neira Ayuso --- doc/payload-expression.txt | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc') diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index a2284ce8..eb98e5d7 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -619,5 +619,13 @@ integer (64 bit) |zone| conntrack zone | integer (16 bit) +|count| +count number of connections +integer (32 bit) |========================================== A description of conntrack-specific types listed above can be found sub-section CONNTRACK TYPES above. + +.restrict the number of parallel connections to a server +-------------------- +filter input tcp dport 22 meter test { ip saddr ct count over 2 } reject +-------------------- -- cgit v1.2.3
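Review bot: In the new `count` table row, the description and type cells are not separated by `|`, unlike the `zone` row just above it (`conntrack zone |` followed by `integer (16 bit)`), so "count number of connections" and "integer (32 bit)" will likely run together into one cell; add the `|` after the description. The description text also repeats the keyword ("count number of connections"); "number of connections" would read more cleanly. In the added example, `ct count over 2` relies on an `over` keyword that the table row does not mention, so a sentence explaining `over` and noting that the count in this rule is taken per `ip saddr` inside the meter would make the rate-limiting behaviour clear to someone deploying it on an SSH port.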