blob: 21fa0bff5a6183210ac45071b6e0c8c8a5690bb9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
#!/bin/bash
RULESET="table inet filter {
set ssh_meter {
type ipv4_addr
size 65535
flags dynamic,timeout
timeout 1m
elements = { 127.0.0.1 expires 52s44ms limit rate over 1/minute }
}
chain output {
type filter hook output priority filter; policy accept;
ip protocol icmp add @ssh_meter { ip saddr timeout 1m limit rate over 1/minute }
}
}"
set -e
$NFT -f - <<< $EXPECTED
|