Wanted to use the "burst" parameter in "limit rate" of nftables, but it doesn't work.

    nft add rule ip filter labor udp dport 33045 limit rate 3360/second burst 140 packets counter accept
    <cmdline>:1:95-101: Error: syntax error, unexpected packets, expecting end of file or newline or semicolon
    add rule ip filter labor udp dport 33045 limit rate 3360/second burst 140 packets counter accept
                                                                              ^^^^^^^

Official commit (http://git.netfilter.org/nftables/commit/?id=174f4a120ec7644531728621cfab5ce7fdb481c3) requires a kernel >= 4.3-rc1.
Seems like net-firewall/nftables is outdated!?

I'm using:
    sys-kernel/gentoo-sources-4.5.0-r1  +symlink -build -experimental -kdbus
    net-firewall/nftables-0.5-r2  +readline -debug -gmp
    net-libs/libnftnl-1.0.5  -examples -json -static-libs -test -xml
Last release was 0.5 and was released on 2015-09-16. This feature was added on 2015-09-23. Therefore, it is a feature that has yet to be officially released. Gentoo generally discourages backporting later changes into earlier releases. That said, if you want to test the feature out early, you can patch nftables using epatch_user. See https://wiki.gentoo.org/wiki//etc/portage/patches on how to use that feature. Otherwise, please wait for the next release. Thanks.
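The user-patch workflow the reply points to, as an added example that is not part of the thread: a POSIX shell script that rehearses the /etc/portage/patches directory layout epatch_user reads (category/P-PR, category/P, category/PN) against a scratch copy of the sources, so a backport can be checked with a dry run before re-emerging. The patches root, the grammar file and the patch below are constructed stand-ins, not nftables' real parser or the upstream commit.

```shell
#!/bin/sh
# Added example, not from the bug thread. Rehearses the /etc/portage/patches
# layout that epatch_user reads, using GNU patch on a scratch source tree.
# Paths, the sample grammar file and the sample patch are all constructed.
set -eu

# Directories Portage searches for user patches, most specific first.
user_patch_dirs() {   # root category PN PV PR
    printf '%s/%s/%s-%s-%s\n' "$1" "$2" "$3" "$4" "$5"
    printf '%s/%s/%s-%s\n'    "$1" "$2" "$3" "$4"
    printf '%s/%s/%s\n'       "$1" "$2" "$3"
}

# Apply every *.patch / *.diff found there, in sorted order, with patch -p1.
# A dry run guards each file: a reject aborts with status 1 before any real
# change from that file. Echoes the number of patches applied.
apply_user_patches() {   # src_dir patches_root category PN PV PR
    src=$1; shift; n=0
    for d in $(user_patch_dirs "$@"); do
        [ -d "$d" ] || continue
        for p in $(ls "$d"/*.patch "$d"/*.diff 2>/dev/null | sort); do
            patch -d "$src" -p1 -s --dry-run < "$p" || { echo "rejected: $p" >&2; return 1; }
            patch -d "$src" -p1 -s < "$p"
            n=$((n + 1))
        done
    done
    echo "$n"
}

# Scratch tree: a constructed grammar file plus one user patch placed in
# <root>/net-firewall/nftables-0.5-r2/, mirroring the versions in the report.
make_scratch_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/src/src" "$t/patches/net-firewall/nftables-0.5-r2"
    printf '%s\n' 'limit_rate : LIMIT RATE NUM SLASH time_unit' \
                  '           /* burst not accepted */' ';' > "$t/src/src/grammar.y"
    cat > "$t/patches/net-firewall/nftables-0.5-r2/0001-burst.patch" <<'EOF'
--- a/src/grammar.y
+++ b/src/grammar.y
@@ -1,3 +1,3 @@
 limit_rate : LIMIT RATE NUM SLASH time_unit
-           /* burst not accepted */
+           | LIMIT RATE NUM SLASH time_unit BURST NUM PACKETS
 ;
EOF
    echo "$t"
}

if [ "${1:-}" = "demo" ]; then   # sh script.sh demo
    t=$(make_scratch_tree)
    apply_user_patches "$t/src" "$t/patches" net-firewall nftables 0.5 r2
    cat "$t/src/src/grammar.y"
fi
```

On a real system the same directory goes under /etc/portage/patches and `emerge -1 net-firewall/nftables` applies it; the dry run here only tells you whether the backport still applies to the 0.5 sources.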