doc: nft: document ct count

author Pablo Neira Ayuso <pablo@netfilter.org>

Sat, 1 Dec 2018 16:54:03 +0000 (17:54 +0100)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Sat, 1 Dec 2018 17:03:43 +0000 (18:03 +0100)
author Pablo Neira Ayuso <pablo@netfilter.org>
Sat, 1 Dec 2018 16:54:03 +0000 (17:54 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Sat, 1 Dec 2018 17:03:43 +0000 (18:03 +0100)
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt

index a2284ce8c3d921f2be0d88ed43a83df4edac1cfd..eb98e5d7898c19cee69bbf73c98a1c603ecfea5b 100644 (file)
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -619,5 +619,13 @@ integer (64 bit)
  |zone|
  conntrack zone |
  integer (16 bit)
+|count|
+count number of connections
+integer (32 bit)
  |==========================================
  A description of conntrack-specific types listed above can be found sub-section CONNTRACK TYPES above.
+
+.restrict the number of parallel connections to a server
+--------------------
+filter input tcp dport 22 meter test { ip saddr ct count over 2 } reject
+--------------------
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 1 Dec 2018 16:54:03 +0000 (17:54 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 1 Dec 2018 17:03:43 +0000 (18:03 +0100)