#!/bin/bash

RULESET="table x {
	set y {
		type ipv4_addr
		size 65535
		flags dynamic,timeout
		timeout 1h
	}
	chain z {
		type filter hook output priority 0;
		update @y { ip daddr limit rate 1/second counter }
	}
}"

set -e
$NFT -f - <<< $RULESET