Not doing it will affect existing flows, which is likely not wanted. Signed-off-by: Florian Westphal --- doc/payload-expression.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index 8b538968c84b..817b7a3c76b1 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -934,5 +934,5 @@ ct_id| .restrict the number of parallel connections to a server -------------------- nft add set filter ssh_flood '{ type ipv4_addr; flags dynamic; }' -nft add rule filter input tcp dport 22 add @ssh_flood '{ ip saddr ct count over 2 }' reject +nft add rule filter input ct state new tcp dport 22 add @ssh_flood '{ ip saddr ct count over 2 }' reject -------------------- -- 2.52.0
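Review bot: the changed rule line in the ssh_flood example gains `ct state new`, but the surrounding documentation still only carries the title ".restrict the number of parallel connections to a server", so a reader copying the example does not learn why the state match is there. Suggest adding one sentence to the example saying that the rule is restricted to new connections so that existing flows are not affected by the `ct count over 2` check and the `reject` verdict, which is the reason the commit message gives. The commit body's "Not doing it" also depends on the subject line for its meaning; naming the thing directly (matching on `ct state new`) would keep the message readable on its own.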