From db58a8d8f3c8e6f6036307573416108018a8e95a Mon Sep 17 00:00:00 2001 From: Remi Date: Mon, 11 Jul 2022 19:36:09 +0200 Subject: Firewall: Added 'recent' matching criteria --- docs/configuration/firewall/index.rst | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'docs/configuration/firewall/index.rst') diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 92f2da8d..a9fb3c93 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -417,6 +417,15 @@ There are a lot of matching criteria against which the package can be tested. Match against the state of a packet. +.. cfgcmd:: set firewall name rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall ipv6-name rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall name rule <1-999999> recent time +.. cfgcmd:: set firewall ipv6-name rule <1-999999> recent time + + Match when 'count' amount of connections are seen within 'time'. These + matching criteria can be used to block brute-force attempts. *********************************** Applying a Rule-Set to an Interface -- cgit v1.2.3