| Message ID | 0637994cfd40621a20b624efa7d190c916e5edd0.1615108958.git.simon@ruderich.org |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | Minor documentation improvements | expand |
diff --git a/doc/statements.txt b/doc/statements.txt index 7bb538a9..0973e5ef 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -712,7 +712,8 @@ nft add rule ip filter input ip saddr @blackhole counter drop # requests occurred per second and ip address. nft add rule ip filter input tcp flags syn tcp dport ssh \ add @flood { ip saddr limit rate over 10/second } \ - add @blackhole { ip saddr } drop + add @blackhole { ip saddr } \ + drop # inspect state of the sets. nft list set ip filter flood
At first I overlooked the "drop". Putting it on a separate line makes it more visible and also details the separate steps of this rule. Signed-off-by: Simon Ruderich <simon@ruderich.org> --- doc/statements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)