diff --git a/modules/module-rate-limit-web-port-forward.sh b/modules/module-rate-limit-web-port-forward.sh
new file mode 100644
index 0000000..59c1087
--- /dev/null
+++ b/modules/module-rate-limit-web-port-forward.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+NFT='/usr/bin/nft'
+HANDLE=($($NFT -a -n list ruleset | grep "ct state 0x8 tcp dport" | grep -E '80|443' | grep handle | cut -d '#' -f2 | cut -d ' ' -f3))
+for i in "${HANDLE[@]}"; do
+ $NFT delete rule ip6 filter input handle $i &>/dev/null
+ $NFT delete rule ip filter input handle $i &>/dev/null
+done
+
+echo "Setting Rate Limit to : $1"
+echo
+$NFT add rule ip nat prerouting tcp dport 443 dnat to 192.168.0.55
+$NFT add rule ip nat prerouting tcp dport 80 dnat to 192.168.0.55
+$NFT add rule ip6 filter input ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
+
+$NFT add rule ip6 filter input ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
+
+$NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit { ip saddr limit rate $1/second } accept
+
+$NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept
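Review bot: `$1` is spliced unquoted and unvalidated into four `nft add rule` invocations as the `limit rate` value, so an empty, non-numeric or whitespace-containing argument yields a malformed or unintended rule set with no diagnostic beyond nft's own error; guard it once before any rule is touched, e.g. `[[ "${1:-}" =~ ^[0-9]+$ ]] || { echo "usage: ${0##*/} <rate-per-second>" >&2; exit 2; }`. The handle cleanup loop also assumes a handle number is unique across address families: each handle collected from the combined ruleset listing is deleted from both `ip filter input` and `ip6 filter input`, so a handle that belongs to an ip6 rule can remove an unrelated rule in the ip table, and `&>/dev/null` hides the mismatch; either collect handles per family (`$NFT -a list chain ip filter input` / `... ip6 ...`) or at least drop the stderr redirect. Note too that the two `ip nat prerouting` dnat rules are appended on every run but never removed by the cleanup loop (which only matches `ct state` rules), so they accumulate; and `grep -E '80|443'` matches those digits anywhere in the line, including inside handle numbers or ports such as 8080, so an anchored match like `dport (80|443) ` would be safer. Adding `set -euo pipefail` at the top would also stop the script from continuing after a failed `list ruleset` or `add rule`.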