On Wed, Dec 27, 2017 at 09:38:13PM +1100, Duncan Roe wrote: > Hi Pablo, > > On Mon, Dec 18, 2017 at 10:48:16AM +0100, Pablo Neira Ayuso wrote: > > Hi Duncan, > > > > On Sat, Dec 16, 2017 at 08:22:10PM +1100, Duncan Roe wrote: > > > Hi, > > > > > > For those who contribute to the wiki: > > > > > > I updated > > > https://wiki.nftables.org/wiki-nftables/index.php/Flow_tables section > > > "Doing iptables hashlimit with nft" in light of trying the examples. > > > > > > There's more in the associated discussion page, > > > > "Notice also that the translator defaults --hashlimit-htable-expire and > > --hashlimit-burst to 1000 milliseconds and 5 packets respectively so > > ''timeout 1s'' and ''burst 5 packets'' are inserted. You may remove > > either or both of these if you wish." > > > > I think we can just skip printing default values in the translation, I > > mean, we can "fix" the translation instead. > > > > BTW, this reminds me we should also expose the missing options such as > > hashlimit-htable-max and hashlimit-htable-gcinterval, those can be > > exposed too, it just needs some code in nft, I'll add this to my TODO > > list. > > > > Let us know, thanks for reviewing documentation! > > Since there's a patch in the works to fix these spurious defaults, would you > mind if I just left it until the fix is committed? No problem. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
