diff options
| author | Daniil Baturin <daniil@vyos.io> | 2022-07-09 19:55:44 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-09 19:55:44 +0100 | 
| commit | 0116d5de4f45277ad027cfcab35f6b5213edc685 (patch) | |
| tree | 724a9d594d11b756b9c5b5d0614b90ac1c5b47ca /docs/configuration/firewall/index.rst | |
| parent | 8cbb59c5a2168bad2f583d00d78a47e00e668a9f (diff) | |
| parent | 52d4e27612f0f4ad36b4635984d1ca7ac26d7689 (diff) | |
| download | vyos-documentation-0116d5de4f45277ad027cfcab35f6b5213edc685.tar.gz vyos-documentation-0116d5de4f45277ad027cfcab35f6b5213edc685.zip | |
Merge pull request #806 from Diekos/firewall-matchingcriteria-recent
Firewall: add 'recent' matching criteria
Diffstat (limited to 'docs/configuration/firewall/index.rst')
| -rw-r--r-- | docs/configuration/firewall/index.rst | 10 | 
1 files changed, 10 insertions, 0 deletions
| diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index a83ea2ae..a36877b7 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -469,6 +469,16 @@ geoip) to keep database and rules updated.     Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for     'greater than', and 'lt' stands for 'less than'. +    +.. cfgcmd:: set firewall name <name> rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent count <1-255> +.. cfgcmd:: set firewall name <name> rule <1-999999> recent time <second |  +   minute | hour> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent time <second |  +   minute | hour> + +   Match when 'count' amount of connections are seen within 'time'. These  +   matching criteria can be used to block brute-force attempts.  ***********************************  Applying a Rule-Set to an Interface | 
