Verified Commit d54e4efd authored by lelutin

Use drop instead of reject for DOS cases

drop is the target that avoids ICMP responses. I believe this was just
an omission when copy/pasting the command above.
parent 74392cbb
+1 −1
@@ -63,7 +63,7 @@ table, you could do this to block a host from accessing the server:
That will generate an ICMP response. If this is a DOS condition, you
might rather avoid that and simply drop the packet with:

    nft insert rule inet filter INPUT 'ip saddr 192.0.2.0/24 reject'
    nft insert rule inet filter INPUT 'ip saddr 192.0.2.0/24 drop'

# Deleting a rule
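
Review bot: the lead-in text in the hunk header says this is how to "block a host", but the changed rule (like the reject one above it) matches `ip saddr 192.0.2.0/24`, which is a whole network. Consider either using a single address in the example or rewording to "a host or network" so the documentation matches the command. The fix itself is consistent with the sentence "simply drop the packet". While touching this paragraph, "DOS" would read better as "DoS", and a short sentence noting that with `drop` the sender gets no response at all (so any legitimate client in that range will wait for a timeout instead of seeing an immediate error) would help readers choose between the two verdicts.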