Hi all,
I'm troubled by how to use limit rate on an IP address through the "nft"
command. Here is my PC (Linux kernel 4.9) interface situation:
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:e0:4c:4a:0c:a3  txqueuelen 1000  (Ethernet)
        RX packets 52  bytes 7590 (7.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 79  bytes 11052 (10.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.104  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::e259:b309:83cf:97f1  prefixlen 64  scopeid 0x20<link>
        ether 4c:cc:6a:f5:6c:9d  txqueuelen 1000  (Ethernet)
        RX packets 57617  bytes 80114000 (76.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30903  bytes 2783293 (2.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

And I use the commands below to create my QoS firewall, but it fails:

# create a table named filter
nft add table filter
# add chain for input(download) and output(upload) hook
nft add chain filter input { type filter hook input priority 0\;}
nft add chain filter output { type filter hook output priority 0\;}
nft add rule filter input ip daddr 192.168.0.104 limit rate 512bytes/second accept
nft add rule filter output ip saddr 192.168.0.104 limit rate 512bytes/second accept

Is there any problem with my nftables commands? Any hints will be appreciated,
thanks!!!