[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: rate-limit ssh for both IPv4 and IPv6
From:       Tim Mooney <Tim.Mooney () ndsu ! edu>
Date:       2023-03-22 19:44:54
Message-ID: ea51ee39-44b8-d7e0-a88e-4f16ebb8f3 () ndsu ! edu
[Download RAW message or body]

In regard to: Re: rate-limit ssh for both IPv4 and IPv6, Kevin P. Fleming...:

> On Wed, Mar 22, 2023, at 14:28, Tim Mooney wrote:
>> With my current experience level with nft, it's not clear to me how to
>> adjust a single rule that handles only IPv4 with a set to do what I need
>> for both IPv4 and IPv6 connections to ssh.
>
> Do you need to use a single rule? Since the rate-limiting is
> per-source-address, there's no need to have them mixed together. Two
> rules, one each for IPv4 and IPv6, with their own sets, should work
> fine.

For my purposes, two rules would be fine!  Two separate rules are probably
going to be easier to understand for my coworkers anyway.

Thank you!

Tim
-- 
Tim Mooney                                             Tim.Mooney@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology    /                701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164
[prev in list] [next in list] [prev in thread] [next in thread]