From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 1 Dec 2018 16:54:03 +0000 (+0100)
Subject: doc: nft: document ct count
X-Git-Tag: v0.9.1~167
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe573574fcb2605bc9011c621f44654707180765;p=thirdparty%2Fnftables.git

doc: nft: document ct count

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index a2284ce8..eb98e5d7 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -619,5 +619,13 @@ integer (64 bit)
 |zone|
 conntrack zone |
 integer (16 bit)
+|count|
+count number of connections
+integer (32 bit)
 |==========================================
 A description of conntrack-specific types listed above can be found sub-section CONNTRACK TYPES above.
+
+.restrict the number of parallel connections to a server
+--------------------
+filter input tcp dport 22 meter test { ip saddr ct count over 2 } reject
+--------------------