Hi Patrick,
On Fri, Nov 06, 2015 at 06:34:17PM +0000, Patrick McHardy wrote:
> # nft filter input flow table test iif . tcp flags counter
> # nft filter output flow table uidacct skuid . oif . ip protocol counter
Probably we can enclose the table definition in brackets? ie.
# nft filter output flow table uidacct { skuid . oif . ip protocol counter }
Thus the user becomes aware that any follow up statement applies
globally to the rule.
At this stage we only have one expression, but maybe in the future we
extend the flow table to support more that one stateful expression,
then we may have problems with this syntax.
Let me know, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
