diff --git a/roles/nftables/templates/nftables.conf b/roles/nftables/templates/nftables.conf
index 586e0b4..1a715c9 100755
--- a/roles/nftables/templates/nftables.conf
+++ b/roles/nftables/templates/nftables.conf
@@ -37,11 +37,17 @@ table inet filter {
 # Prevent DDoS
 # Rate limiting
- meta nfproto ipv4 meter ratelimit4 { ip saddr limit rate over 50/second } add @blackhole_ipv4 { ip saddr }
- meta nfproto ipv6 meter ratelimit6 { ip6 saddr limit rate over 50/second } add @blackhole_ipv6 { ip6 saddr }
+ meta nfproto ipv4 meter ratelimit4 \
+ { ip saddr limit rate over 50/second burst 5 packets } \
+ add @blackhole_ipv4 { ip saddr }
+ meta nfproto ipv6 meter ratelimit6 \
+ { ip6 saddr limit rate over 50/second burst 5 packets } \
+ add @blackhole_ipv6 { ip6 saddr }
 # Max concurrent connections
- meta nfproto ipv4 meter connlimit4 { ip saddr ct count over 100 } add @blackhole_ipv4 { ip saddr }
- meta nfproto ipv6 meter connlimit6 { ip6 saddr ct count over 100 } add @blackhole_ipv6 { ip6 saddr }
+ meta nfproto ipv4 meter connlimit4 \
+ { ip saddr ct count over 100 } add @blackhole_ipv4 { ip saddr }
+ meta nfproto ipv6 meter connlimit6 \
+ { ip6 saddr ct count over 100 } add @blackhole_ipv6 { ip6 saddr }
 # Allow ICMP
 meta l4proto icmp accept