On 01/03/2019 09:45 AM, Florian Westphal wrote:
aha. In this scenario is 'quota name "myq"' a match or an action?
Both.
Ok, so I think this should be explained somewhere in the wiki under
"supported selectors for packet matching" as well as "possible actions
on packets" that the "quota" is both an action and a selector.
Yes, double-counting, but you do not need the last line, just add the
'drop' after the mark:
mark 0x123 quota name "myq" drop
mark 0x345 quota name "myq" drop
... and so on.
As long as the quota isn't exhausted, the 'drop' action won't be acted
on.
Great, that makes a lot of sense. looking at the wiki.nftables.org it
seems you need to be logged in to edit, and there's no obvious way to
create an account. I'd like to contribute to the documentation on this,
and I'd be happy to explain this on the wiki if that's ok, how would I
get access?
