Can anyone give me any idea about nftables rules?
1. Accept incoming TCP connections to ssh (port 22), rate limited to 30 connections per minute per host, with a burst of 5 connections.
2. Log the accepted connections.
The first rule in the input chain is usually:

    ct state established,related counter accept

So it is enough to add the rule:

    ct state new tcp dport 22 limit rate 30/minute burst 35 packets log prefix "[nft accept ssh] " counter accept

Putting it all together:

    table inet filter {
        chain input {
            type filter hook input priority filter; policy drop;
            ct state established,related counter accept
            ct state new tcp dport 22 limit rate 30/minute burst 35 packets log prefix "[nft accept ssh] " counter accept
        }
    }
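The question asks for the limit to be applied per host, which a plain `limit` statement does not do; that needs a token bucket per source address, which nftables provides through dynamic sets. The ruleset below is an added example, not part of the original answer, and assumes an nft release (0.9 or later) that supports `flags dynamic` sets; the set names and the over-limit log prefix are my own choices.

```nft
#!/usr/sbin/nft -f
# Added example: per-source-host rate limit for new SSH connections.
# Load with: nft -f ssh-limit.nft
flush ruleset

table inet filter {
    # One token bucket per IPv4 source; idle entries expire after a minute.
    set ssh4_limit {
        type ipv4_addr
        flags dynamic
        size 65535
        timeout 1m
    }
    # Same for IPv6 sources (the inet family sees both).
    set ssh6_limit {
        type ipv6_addr
        flags dynamic
        size 65535
        timeout 1m
    }

    chain input {
        type filter hook input priority filter; policy drop;

        iif lo accept
        ct state established,related counter accept
        ct state invalid drop

        # New SSH connections: 30 per minute per source, burst of 5.
        # "add @set { key limit ... }" only succeeds while that key's bucket
        # still has tokens, so the rule matches (and accepts) within the limit.
        ct state new tcp dport 22 add @ssh4_limit { ip saddr limit rate 30/minute burst 5 packets } log prefix "[nft accept ssh] " counter accept
        ct state new tcp dport 22 add @ssh6_limit { ip6 saddr limit rate 30/minute burst 5 packets } log prefix "[nft accept ssh] " counter accept

        # Anything over its per-host budget falls through to here; logging it
        # separately makes brute-force attempts visible in the kernel log.
        ct state new tcp dport 22 log prefix "[nft ssh over limit] " counter drop
    }
}
```

Check the syntax without loading it with `nft -c -f ssh-limit.nft`, and watch the per-rule counters with `nft list ruleset` to confirm which rule each connection hits.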