7 lines
468 B
Bash
7 lines
468 B
Bash
#!/bin/bash
|
|
NFT='/usr/bin/nft'
|
|
$NFT add set ip filter rateLimit { type ipv4_addr \; flags dynamic, timeout \; timeout 5m \; }
|
|
$NFT add set ip6 filter rateLimit { type ipv6_addr \; flags dynamic, timeout \; timeout 5m \; }
|
|
$NFT add rule filter input ip protocol tcp ct state new, untracked limit rate over 100/minute add @rateLimit { ip saddr }
|
|
$NFT add rule filter input ip6 protocol tcp ct state new, untracked limit rate over 100/minute add @rateLimit { ip6 saddr }
|