Suppose I have a named quota myquota and I want a rule that checks to
see if a certain mark is on the packets, and if so, check to see if the
quota is over its quota, and if so drop packets
meta mark 0x123 quota over 1500 mbytes drop
works, but it creates an anonymous quota, and by the way the quota *does
not reset* when you run
nft reset quotas
(nftables 0.9.0 running on Debian 4.19.99 kernel)
That seems to be a bug?
what I'd like to do is use my named quota
meta mark 0x123 quota named myquota ### causes the packets to go towards
the quota, works fine
meta mark 0x123 ...... drop
how do I say "if myquota is over 1500 mbytes" in "...." section?
