On Wed, Aug 10, 2016 at 03:14:38PM +0200, jalvarez wrote: > In the end, do you think the following features could be added in nftables ? > - an expression to increment nfacct counters (maybe reusing the existing > semantic "counter xxx"). > - an expression to match if the quota set on the nfacct object is exceeded. > Something like : "counter name xxx overquota". > > This could lead to interesting things like starting to drop packets when a > quota is exceeded. Yes, quota support is also included. And similar semantics to nfacct will be retained. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
