author | Remi <remi@diekos.nl> | 2022-07-09 17:24:52 +0200 |
---|---|---|
committer | Remi <remi@diekos.nl> | 2022-07-09 17:24:52 +0200 |
commit | 52d4e27612f0f4ad36b4635984d1ca7ac26d7689 (patch) | |
tree | 067d3361ddb20dd42f52399d0760ade6707df7cd /docs/configuration | |
parent | 4f00eb16fc36fcc51db1215ddb078adee8b14e5b (diff) | |
download | vyos-documentation-52d4e27612f0f4ad36b4635984d1ca7ac26d7689.tar.gz vyos-documentation-52d4e27612f0f4ad36b4635984d1ca7ac26d7689.zip |
Firewall: add 'recent' matching criteria
Diffstat (limited to 'docs/configuration')
-rw-r--r-- | docs/configuration/firewall/index.rst | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index a83ea2ae..a36877b7 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -469,6 +469,16 @@ geoip) to keep database and rules updated. Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'. + +.. cfgcmd:: set firewall name <name> rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall name <name> rule <1-999999> recent time <second | + minute | hour> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent time <second | + minute | hour> + + Match when 'count' amount of connections are seen within 'time'. These + matching criteria can be used to block brute-force attempts. *********************************** Applying a Rule-Set to an Interface |
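Review bot: The shared description under the four new 'recent' cfgcmd entries does not explain the 'recent time <second | minute | hour>' value. The syntax shows a unit keyword rather than a number, so the text should say that the window is the last second, minute or hour. 'Match when 'count' amount of connections are seen within 'time'' also implies that 'recent count' and 'recent time' must both be set on the same rule; state that explicitly, and say what the connections are counted against, since a reader tuning this against brute-force attempts needs to know whether the limit is per source or per rule. The last sentence says the criteria 'can be used to block brute-force attempts' but matching alone blocks nothing, so mention that the rule needs a blocking action, ideally with a short configuration example. Minor wording: 'number of connections' reads better than ''count' amount of connections'.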