From 52d4e27612f0f4ad36b4635984d1ca7ac26d7689 Mon Sep 17 00:00:00 2001 From: Remi Date: Sat, 9 Jul 2022 17:24:52 +0200 Subject: Firewall: add 'recent' matching criteria --- docs/configuration/firewall/index.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'docs/configuration/firewall/index.rst') diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index a83ea2ae..a36877b7 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -469,6 +469,16 @@ geoip) to keep database and rules updated. Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'. + +.. cfgcmd:: set firewall name rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall ipv6-name rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall name rule <1-999999> recent time +.. cfgcmd:: set firewall ipv6-name rule <1-999999> recent time + + Match when 'count' amount of connections are seen within 'time'. These + matching criteria can be used to block brute-force attempts. *********************************** Applying a Rule-Set to an Interface -- cgit v1.2.3
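Review bot: The four added cfgcmd lines and their description leave the 'time' argument undocumented: as shown here, `recent time` carries no value placeholder, while `recent count` has `<1-255>`, and the text never states the unit or accepted range for 'time'. Please add the placeholder and unit to both `recent time` lines. In the same lines, `name` and `ipv6-name` are followed directly by `rule <1-999999>` with no rule-set name placeholder, which should be checked against the other cfgcmd entries in this file. The description would also be more useful to someone writing a brute-force rule if it said whether 'count' and 'time' must both be set for the match to take effect, whether connections are counted per source address, and that the rule still needs an action (for example drop) to block anything. Wording suggestion: "Match when 'count' or more connections are seen within 'time'" reads better than "'count' amount of connections".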