blob: e2e4be1560c5f4f9006caaa1c187306dc8373410 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
#!/bin/bash
set -e
RULESET="table ip x {
set s {
type ipv4_addr
flags dynamic
}
chain filter_in_tcp {
}
chain filter_in_udp {
}
chain y {
update @s { ip saddr limit rate 12/minute burst 30 packets } accept
tcp dport vmap {
80 : accept,
81 : accept,
443 : accept,
}
tcp dport vmap {
8000-8100 : accept,
24000-25000 : accept,
}
meta l4proto tcp goto filter_in_tcp
meta l4proto udp goto filter_in_udp
log
}
}"
$NFT -o -f - <<< $RULESET
|