From 9c7ad280f9f2c712e45534b3079eae57255c4c28 Mon Sep 17 00:00:00 2001
From: Viyurz
Date: Sat, 21 Sep 2024 12:29:48 +0200
Subject: [PATCH] [nftables] Add blackholes counters
---
 roles/nftables/templates/nftables.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/nftables/templates/nftables.conf b/roles/nftables/templates/nftables.conf
index 142b170..0813621 100755
--- a/roles/nftables/templates/nftables.conf
+++ b/roles/nftables/templates/nftables.conf
@@ -41,15 +41,15 @@ table inet filter {
 # Rate limiting
 meta nfproto ipv4 meter ratelimit4 \
 { ip saddr limit rate over 75/second burst 15 packets } \
- add @blackhole_ipv4 { ip saddr }
+ add @blackhole_ipv4 { ip saddr } counter
 meta nfproto ipv6 meter ratelimit6 \
 { ip6 saddr limit rate over 75/second burst 15 packets } \
- add @blackhole_ipv6 { ip6 saddr }
+ add @blackhole_ipv6 { ip6 saddr } counter
 # Max concurrent connections
 meta nfproto ipv4 meter connlimit4 \
- { ip saddr ct count over 100 } add @blackhole_ipv4 { ip saddr }
+ { ip saddr ct count over 100 } add @blackhole_ipv4 { ip saddr } counter
 meta nfproto ipv6 meter connlimit6 \
- { ip6 saddr ct count over 100 } add @blackhole_ipv6 { ip6 saddr }
+ { ip6 saddr ct count over 100 } add @blackhole_ipv6 { ip6 saddr } counter
 # Allow ICMP
 meta l4proto icmp accept
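Review bot: The four added `counter` statements sit after `add @blackhole_ipv4 { ip saddr }` / `add @blackhole_ipv6 { ip6 saddr }`, so each one counts only the packets that tripped a meter and triggered the set add, not the traffic discarded afterwards because its source is already in a blackhole set. If the intent is to see how much traffic the blackhole actually drops, the counter belongs on the rule that matches `@blackhole_ipv4`/`@blackhole_ipv6` and drops, which is outside this hunk and may already carry one. Either way a comment above the rate-limiting rules would help whoever reads `nft list ruleset` during an incident, e.g. `# counter = packets that exceeded the limit and caused a blackhole add`. These are anonymous per-rule counters, so they presumably restart from zero whenever the templated ruleset is reloaded; worth noting in the role's documentation if they are meant to feed monitoring.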