Nftables Webserver Beispiel Ratelimit
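#!/usr/sbin/nft -f
# Example host firewall for a web server: default-deny inbound, SSH with a
# per-source-address rate limit, HTTP/HTTPS open, ICMP/ICMPv6 allowed,
# no forwarding, unrestricted outbound.
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;

        # Loopback, and replies to flows this host already knows about.
        iif lo accept
        ct state established,related accept
        # Drop what conntrack cannot classify before any per-port rule sees it,
        # so stray segments on port 22/80/443 do not slip past the `ct state new`
        # conditions below.
        ct state invalid drop

        # SSH with rate limiting: at most 3 new connections per minute per source
        # address, burst 5. The table family is `inet`, which carries both IPv4
        # and IPv6, but `ip saddr` only matches IPv4 packets; a second meter keyed
        # on `ip6 saddr` is needed, otherwise every new IPv6 SSH connection fails
        # to match the meter rule and falls straight through to the drop below.
        # (Newer nftables prefers dynamic sets over `meter`; `meter` still works.)
        tcp dport 22 ct state new meter ssh_ratelimit { ip saddr limit rate 3/minute burst 5 packets } accept
        tcp dport 22 ct state new meter ssh_ratelimit6 { ip6 saddr limit rate 3/minute burst 5 packets } accept
        # Over-limit attempts are counted and dropped. The log line itself is
        # rate-limited so a flood of attempts cannot flood the log; attempts beyond
        # the log limit fall through to the final `counter drop` and are still dropped.
        tcp dport 22 ct state new counter limit rate 10/minute log prefix "ssh-ratelimited: " drop

        # Web traffic.
        tcp dport { 80, 443 } accept

        # ICMP and ICMPv6. ICMPv6 must stay open for IPv6 to function at all
        # (neighbour discovery, path MTU discovery).
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Everything else: count it, then drop (matches the chain policy).
        counter drop
    }

    chain forward {
        # This host does not route; drop all forwarded traffic.
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        # Outbound traffic is not restricted.
        type filter hook output priority filter; policy accept;
    }
}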