As expires is stateful information. This patch removes expire
information from list stateless ruleset. With nft -s option, the
ruleset will be as following.
table ip firewall {
set host {
type ipv4_addr
flags timeout
elements = { 10.0.0.2 timeout 10m }
}
}
Signed-off-by: Varsha Rao <rvarsha016@xxxxxxxxx>
---
src/expression.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/expression.c b/src/expression.c
index 55dd391..4fef830 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -962,7 +962,7 @@ static void set_elem_expr_print(const struct expr *expr)
printf(" timeout ");
time_print(expr->timeout / 1000);
}
- if (expr->expiration) {
+ if (!stateless_output && expr->expiration) {
printf(" expires ");
time_print(expr->expiration / 1000);
}
--
2.9.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
