summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
authorRemi <remi@diekos.nl>2022-07-09 17:24:52 +0200
committerRemi <remi@diekos.nl>2022-07-09 17:24:52 +0200
commit52d4e27612f0f4ad36b4635984d1ca7ac26d7689 (patch)
tree067d3361ddb20dd42f52399d0760ade6707df7cd /docs/configuration
parent4f00eb16fc36fcc51db1215ddb078adee8b14e5b (diff)
downloadvyos-documentation-52d4e27612f0f4ad36b4635984d1ca7ac26d7689.tar.gz
vyos-documentation-52d4e27612f0f4ad36b4635984d1ca7ac26d7689.zip
Firewall: add 'recent' matching criteria
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/firewall/index.rst10
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst
index a83ea2ae..a36877b7 100644
--- a/docs/configuration/firewall/index.rst
+++ b/docs/configuration/firewall/index.rst
@@ -469,6 +469,16 @@ geoip) to keep database and rules updated.
Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for
'greater than', and 'lt' stands for 'less than'.
+
+.. cfgcmd:: set firewall name <name> rule <1-999999> recent count <1-255>
+.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent count <1-255>
+.. cfgcmd:: set firewall name <name> rule <1-999999> recent time <second |
+ minute | hour>
+.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent time <second |
+ minute | hour>
+
+ Match when 'count' amount of connections are seen within 'time'. These
+ matching criteria can be used to block brute-force attempts.
***********************************
Applying a Rule-Set to an Interface