On Fri, Sep 16, 2016 at 06:50:22PM +0200, Christophe Leroy wrote:
> I tried to limit ping flooding by setting the following rule:
> nft add rule filter input icmp type echo-request limit rate 10/second accept
This is matching packets under the rate, so packets under the rate are
Your next rule, or default policy, should drop, so packets over the
rate are dropped.
You can invert this logic via:
# nft add rule filter input icmp type echo-request limit rate over 10/second
Does this work for you?
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html