Liping Zhang <zlpnobody@xxxxxxx> wrote: > From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx> > > If we want to use ct packets expr, and add a rule like follows: > # nft add rule filter input ct packets gt 1 counter > > We will find that no packets will hit it, because > nf_conntrack_acct is disabled by default. So It will > not work until we enable it manually via > "echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct". > > This is not friendly, so like xt_connbytes do, if the user > want to use ct byte/packet expr, enable nf_conntrack_acct > automatically. Good idea, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
