aports/config/nftables/nft/inet/redxenfirewall/filter/input/stateful/base

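# Ban sources that still make new connection attempts over the limit:
# a source address exceeding 2 new connections/second (burst 60 packets) is added
# to @blackhole4 / @blackhole6 for 1h, and the offending packet is counted and rejected.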
ct state new meter ban4 { ip saddr timeout 10m limit rate over 2/second burst 60 packets } update @blackhole4 { ip saddr timeout 1h } counter reject;
ct state new meter ban6 { ip6 saddr timeout 10m limit rate over 2/second burst 60 packets } update @blackhole6 { ip6 saddr timeout 1h } counter reject;
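
The two rules above only populate `@blackhole4` and `@blackhole6`; the sets must already exist and something must act on their members. The ruleset below is an added example, not part of this repository: the table name, chain layout, set sizes, the early `drop` rules and the SSH accept rule are assumptions, and only the two meter rules are copied from this file.

```nft
# Hypothetical stand-alone ruleset; syntax can be checked with: nft -c -f <file>
table inet example_filter {
    # Sets written from the packet path need the dynamic flag; entries
    # receive their 1h lifetime from the update statement below.
    set blackhole4 {
        type ipv4_addr
        flags dynamic, timeout
        size 65535
    }

    set blackhole6 {
        type ipv6_addr
        flags dynamic, timeout
        size 65535
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Assumed enforcement step: silently drop sources already banned,
        # before any connection tracking decision or meter evaluation.
        ip saddr @blackhole4 counter drop
        ip6 saddr @blackhole6 counter drop

        ct state established,related accept
        iif "lo" accept

        # Rules from this file: per-source rate check on new connections.
        ct state new meter ban4 { ip saddr timeout 10m limit rate over 2/second burst 60 packets } update @blackhole4 { ip saddr timeout 1h } counter reject;
        ct state new meter ban6 { ip6 saddr timeout 10m limit rate over 2/second burst 60 packets } update @blackhole6 { ip6 saddr timeout 1h } counter reject;

        # Assumed service rule, reached only by sources under the limit.
        ct state new tcp dport 22 accept
    }
}
```

After loading, `nft list set inet example_filter blackhole4` shows the currently banned addresses with their remaining timeouts, which is the quickest way to confirm the ban is firing and to spot false positives such as a busy NAT gateway.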