author | Remi <remi@diekos.nl> | 2022-07-11 19:36:09 +0200 |
---|---|---|
committer | Remi <remi@diekos.nl> | 2022-07-11 19:36:09 +0200 |
commit | db58a8d8f3c8e6f6036307573416108018a8e95a (patch) | |
tree | 2beeaaf689fb44d3445f693199a38cad024d10a1 | |
parent | 6b6f117cfa145ccf8ece9dd2c87fe9521ef2f5a2 (diff) | |
download | vyos-documentation-db58a8d8f3c8e6f6036307573416108018a8e95a.tar.gz vyos-documentation-db58a8d8f3c8e6f6036307573416108018a8e95a.zip |
Firewall: Added 'recent' matching criteria
-rw-r--r-- | docs/configuration/firewall/index.rst | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 92f2da8d..a9fb3c93 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -417,6 +417,15 @@ There are a lot of matching criteria against which the package can be tested. Match against the state of a packet. +.. cfgcmd:: set firewall name <name> rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall name <name> rule <1-999999> recent time <second | + minute | hour> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent time <second | + minute | hour> + + Match when 'count' amount of connections are seen within 'time'. These + matching criteria can be used to block brute-force attempts. *********************************** Applying a Rule-Set to an Interface |
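Review bot: The description under the new `recent` entries leaves the `time` value ambiguous. The syntax offers `<second | minute | hour>`, which reads as a unit keyword, while the sentence says connections are "seen within 'time'" as if it were a duration; state explicitly what window each keyword selects. It would also help to say whether `recent count` and `recent time` must be set together on the same rule and whether the count is tracked per source address, and to reword "'count' amount of connections" as "'count' number of connections". A short configuration example for the brute-force case named in the last sentence would let readers apply the entry without guessing.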