firewall/modules/module-rate-limit.sh

#!/bin/bash
NFT='/usr/bin/nft'
HANDLE=($($NFT -n -a list ruleset | grep "ct state 0x8 tcp dport" | grep -E '80|443' | grep handle | cut -d '#' -f2 | cut -d ' ' -f3))
for i in "${HANDLE[@]}"; do
	if [[ "$i" == *":"* ]]; then
       		$NFT delete rule ip6 filter input handle $i &>/dev/null
        else
                $NFT delete rule filter input handle $i &>/dev/null
        fi
done

echo "Setting Rate Limit to : $1"
echo

$NFT add rule ip6 filter input ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate $1/second } accept

$NFT add rule ip6 filter input ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate $1/second } accept

$NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit { ip saddr limit rate $1/second } accept

$NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept
fix 2024-09-24 22:43:29 -06:00			`#!/bin/bash`
			`NFT='/usr/bin/nft'`
			`HANDLE=($($NFT -n -a list ruleset \| grep "ct state 0x8 tcp dport" \| grep -E '80\|443' \| grep handle \| cut -d '#' -f2 \| cut -d ' ' -f3))`
			`for i in "${HANDLE[@]}"; do`
			`if [[ "$i" == ":" ]]; then`
			`$NFT delete rule ip6 filter input handle $i &>/dev/null`
			`else`
			`$NFT delete rule filter input handle $i &>/dev/null`
			`fi`
			`done`

			`echo "Setting Rate Limit to : $1"`
			`echo`

			`$NFT add rule ip6 filter input ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate $1/second } accept`

			`$NFT add rule ip6 filter input ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate $1/second } accept`

			`$NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit { ip saddr limit rate $1/second } accept`

			`$NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept`