On Fri, Jan 06, 2017 at 08:18:11PM -0500, James wrote:
> http://git.netfilter.org/nftables/tree/src/parser_bison.y#n1171 (and especially #n1206 and #n1213)
>
> would seem to indicate that the following should work... *is* it supposed to work?
>
> uname -a
> Linux pc 4.8.0-32-generic #34-Ubuntu SMP Tue Dec 13 14:30:43 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> nft --version
> nftables v0.7 (Scrooge McDuck)
> nft flush ruleset
> nft list ruleset
> nft add table inet firewall
> nft add set inet firewall v4timeoutintervals { type ipv4_addr\; flags interval\; timeout 1h\; }
> <cmdline>:1:1-89: Error: Could not process rule: Operation not supported
> add set inet firewall v4timeoutintervals { type ipv4_addr; flags interval; timeout 1h; }
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Either interval or timeout alone works but interval and timeout together don't.
>
> Basically, it seems that you can't use timeouts for subnets.

Yes. Combination of intervals and timeouts is not yet implemented.

Please, file a bug at netfilter's bugzilla so we can keep track of this enhancement request:

https://bugzilla.netfilter.org/

Thanks!