From: Florian Westphal Date: Tue, 8 May 2018 22:23:25 +0000 (+0200) Subject: doc: add size keyword to meter example X-Git-Tag: v0.8.5~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1eadd73e30deab778ddfc26e9222a4d23bedb140;p=thirdparty%2Fnftables.git doc: add size keyword to meter example Signed-off-by: Florian Westphal --- diff --git a/doc/nft.xml b/doc/nft.xml index e11ad8d5..60691580 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -5467,7 +5467,7 @@ dup to ip daddr map { 192.168.7.1 : "eth0", 192.168.7.2 : "eth1" } # add source ip addresses to the blacklist if more than 10 tcp connection requests occurred per second and ip address. # entries will timeout after one minute, after which they might be re-added if limit condition persists. - nft add rule ip filter input tcp flags syn tcp dport ssh meter flood { ip saddr timeout 10s limit rate over 10/second} add @blackhole { ip saddr timeout 1m } drop + nft add rule ip filter input tcp flags syn tcp dport ssh meter flood size 128000 { ip saddr timeout 10s limit rate over 10/second} add @blackhole { ip saddr timeout 1m } drop # inspect state of the rate limit meter: nft list meter ip filter flood
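Review bot: The new `size 128000` on the `meter flood` rule is undocumented: the two comment lines above the rule still describe only the rate limit and the one-minute blacklist timeout, and the commit message has no body. Please add a comment line stating that `size` caps how many `ip saddr` entries the meter can hold, and what a reader should expect for new source addresses once that cap is reached. A short note on why 128000 was chosen would also help, so that people copying the example size it for their own traffic and memory budget rather than treating the number as a required value. The definition of `@blackhole` is outside this hunk, so it is not possible to tell from here whether that set is bounded in the same way; worth checking that the example is consistent on this point.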