Merge pull request #811 from Diekos/equuleus-firewall-matchingcriteria-recent

Firewall: Added 'recent' matching criteria
2025-11-04 00:02:05 +01:00 · 2022-07-11 20:24:41 +02:00 · 2022-07-11 20:24:41 +02:00 · fe15b1b31b
commit fe15b1b31b
parent 6b6f117cfa db58a8d8f3
1 changed files with 9 additions and 0 deletions
--- a/docs/configuration/firewall/index.rst
+++ b/docs/configuration/firewall/index.rst
@ -417,6 +417,15 @@ There are a lot of matching criteria against which the package can be tested.

   Match against the state of a packet.

+.. cfgcmd:: set firewall name <name> rule <1-999999> recent count <1-255>
+.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent count <1-255>
+.. cfgcmd:: set firewall name <name> rule <1-999999> recent time <second | 
+   minute | hour>
+.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> recent time <second | 
+   minute | hour>
+
+   Match when 'count' amount of connections are seen within 'time'. These 
+   matching criteria can be used to block brute-force attempts.

 ***********************************
 Applying a Rule-Set to an Interface