nftables: Reorder rules + lowered rates
parent
18c141352c
commit
fd46313f93
1 changed files with 6 additions and 6 deletions
|
@ -11,15 +11,15 @@ table inet filter {
|
||||||
ct state invalid drop
|
ct state invalid drop
|
||||||
ct state { established, related } accept
|
ct state { established, related } accept
|
||||||
|
|
||||||
# Allow ICMP
|
# HTTP
|
||||||
meta l4proto icmp limit rate 2/second accept
|
tcp dport { http, https } limit rate 5/second accept
|
||||||
meta l4proto ipv6-icmp limit rate 2/second accept
|
|
||||||
|
|
||||||
# SSH
|
# SSH
|
||||||
tcp dport 995 limit rate 15/minute accept
|
tcp dport 995 limit rate 15/minute accept
|
||||||
|
|
||||||
# HTTP
|
# Allow ICMP
|
||||||
tcp dport { http, https } limit rate 25/second accept
|
meta l4proto icmp limit rate 1/second accept
|
||||||
|
meta l4proto ipv6-icmp limit rate 1/second accept
|
||||||
}
|
}
|
||||||
|
|
||||||
chain forward {
|
chain forward {
|
||||||
|
|
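Review bot: The new `tcp dport { http, https } limit rate 5/second accept` is one budget shared by all clients, so a single source opening five new connections per second can use it up and every other new HTTP/HTTPS connection falls through to whatever follows (the chain header and policy are outside the hunk; presumably the policy is drop). If the aim is to throttle abusive sources rather than the service as a whole, key the limit on the source address, e.g. `tcp dport { http, https } meter http_new { ip saddr limit rate 5/second } accept`, with an `ip6 saddr` counterpart since this is an `inet` table. The same applies to `meta l4proto ipv6-icmp limit rate 1/second accept`: neighbour discovery is generally not tracked by conntrack, so it is not covered by the `established, related` rule and competes with echo requests for that one packet per second. Accepting `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert }` ahead of the limit would keep IPv6 reachability independent of it. The unchanged `# SSH` comment sits above port 995, which is the registered POP3S port; if that is deliberate, a comment such as `# SSH (moved to 995 on purpose)` would save the next reader from treating it as a mistake.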