nftables: Reorder rules + lowered rates

2023-11-29 19:00:29 +00:00 · 2023-11-29 19:00:29 +00:00 · fd46313f93
commit fd46313f93
parent 18c141352c
1 changed files with 6 additions and 6 deletions
--- a/nftables.conf
+++ b/nftables.conf
@ -11,15 +11,15 @@ table inet filter {
 		ct state invalid drop
 		ct state { established, related } accept

-		# Allow ICMP
-		meta l4proto icmp limit rate 2/second accept
-		meta l4proto ipv6-icmp limit rate 2/second accept
-				
+		# HTTP
+		tcp dport { http, https } limit rate 5/second accept
+
 		# SSH
 		tcp dport 995 limit rate 15/minute accept

-		# HTTP
-		tcp dport { http, https } limit rate 25/second accept
+		# Allow ICMP
+		meta l4proto icmp limit rate 1/second accept
+		meta l4proto ipv6-icmp limit rate 1/second accept
 	}

 	chain forward {