This shows you the differences between two versions of the page.
сервис_firewall [2024/04/26 12:08] val [CentOS] |
сервис_firewall [2024/05/05 19:07] val [Debian/Ubuntu (iptables)] |
Line 423: | Line 423: | ||
</code> | </code> | ||
+ | ==== nftables ==== | ||
+ | |||
+ | * [[https://access.redhat.com/documentation/ru-ru/red_hat_enterprise_linux/7/html/security_guide/sec-using_nftables_to_limit_the_amount_of_connections|Using nftables to limit the amount of connections]] | ||
+ | |||
+ | <code> | ||
+ | gate# cat /etc/nftables.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | table inet filter { | ||
+ | set denylist { | ||
+ | type ipv4_addr | ||
+ | size 65535 | ||
+ | flags dynamic,timeout | ||
+ | timeout 5m | ||
+ | } | ||
+ | ... | ||
+ | chain forward { | ||
+ | type filter hook forward priority filter; policy accept; | ||
+ | ip protocol tcp ct state new,untracked limit rate over 10/second add @denylist { ip saddr } | ||
+ | ip saddr @denylist drop | ||
+ | } | ||
+ | ... | ||
+ | </code> | ||
==== FreeBSD (pf) ==== | ==== FreeBSD (pf) ==== | ||
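Review bot: the `limit rate over 10/second` in the new forward-chain rule is a single rule-wide token bucket, not a per-source one, so once the combined rate of new TCP connections crossing the gateway exceeds 10/s, every source address whose packet falls into the excess is added to @denylist and then dropped by the following rule, including hosts that opened a single connection. If the goal is to denylist individual abusive sources, move the limit into the set expression so it is evaluated per element (the set already carries `flags dynamic,timeout`, which this form requires): `ip protocol tcp ct state new,untracked add @denylist { ip saddr limit rate over 10/second }`. It would also help to state next to the snippet that an address stays in the set only for the configured `timeout 5m`, after which it is dropped from the set automatically, and that `size 65535` caps how many sources can be denylisted at once.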