Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx> wrote:
> Suppose I have a named quota myquota and I want a rule that checks to see if
> a certain mark is on the packets, and if so, check to see if the quota is
> over its quota, and if so drop packets

Not possible, afaik.

> meta mark 0x123 quota over 1500 mbytes drop
>
> works, but it creates an anonymous quota, and by the way the quota *does not
> reset* when you run
>
> nft reset quotas
>
> (nftables 0.9.0 running on Debian 4.19.99 kernel)
>
> That seems to be a bug?

I would expect it to reset, yes.
[ named quotas came later ]

I think we should also reset the anon ones.

> what I'd like to do is use my named quota
>
> meta mark 0x123 quota named myquota ### causes the packets to go towards the
> quota, works fine
>
> meta mark 0x123 ...... drop
>
> how do I say "if myquota is over 1500 mbytes" in "...." section?

I don't think you can. The mode is decided when (named) quota is
created. ("add quota inet filter foo over 1500 mbytes").
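
An added example, not part of the original message: a ruleset in which the named quota is created in "over" mode, as the reply describes, so that a single rule referencing it both accounts the marked traffic and drops it once the limit is exceeded. The table, quota name, mark and limit come from the thread; the chain name `forward` and its hook and priority are assumptions.

```nft
# Load with: nft -f <file>
table inet filter {
	# The mode ("over") is fixed here, when the named quota is created.
	quota myquota {
		over 1500 mbytes
	}

	# Assumed chain: name, hook and priority are illustrative only.
	chain forward {
		type filter hook forward priority 0; policy accept;

		# Bytes of marked packets are charged to myquota on every
		# evaluation. While the total is at or below 1500 mbytes the
		# quota expression does not match and the packet continues to
		# the next rule; once the total is over, it matches and the
		# packet is dropped.
		meta mark 0x123 quota name "myquota" drop
	}
}
```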