From nftables wiki
A limit uses a token bucket filter to match packets:
- only until its rate is exceeded; or
- only after its rate is exceeded, if defined as an over limit.
FIXME: Need at least one example here!
Declaring and using named limits
Listing named limits
nft list [limit | limits] (as per below) returns the limit(s) with current byte count.
- List a particular limit:
% nft list limit [family] [table_name] [limit_name]
- List all limits in a particular table:
% nft list limits table [family] [table_name]
- List all limits in ruleset:
% nft list limits