Is there a way to implement the following mechanism in nftables?

-A PREROUTING -m set --match-set wypad src -j SET --add-set wypad src --exist --timeout 86400
-A PREROUTING ! -i lo -p tcp -m multiport --dports *some_ports* -j SET --add-set wypad src --timeout 3600
-A PREROUTING -m set --match-set wypad src -j DROP

Basically what this does is:
- when someone tries to connect to the ports in the second rule, his IP will be added to the ipset list with the 3600s timeout.
- when he tries to connect for the next time within the timeout, the timeout gets refreshed, now with 86400s.
- if the IP is then found on the list, it gets blocked.

It's really easy to set this up in the case of iptables+ipset, but I couldn't really figure that out with nftables. So is it possible to do such a thing?
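One way to build the same mechanism in nftables, as an added example that is not part of the original post: a dynamic set with per-element timeouts, where the `update` statement does the refresh that `--exist` did for ipset and `add` only creates entries that are not there yet. The table name, the `raw` hook priority, the placeholder ports 22, 23 and 3389 and the set size are assumptions; the set is IPv4-only, like the original ipset.

```nft
#!/usr/sbin/nft -f
# Added example, not from the original post. Table/set names, ports, priority
# and size are assumptions; substitute the real port list for the placeholder.

table inet wypad {
    set wypad {
        type ipv4_addr
        flags dynamic,timeout
        timeout 1h        # default for elements that do not carry their own
        size 65535        # upper bound on entries (assumed; bounds memory use)
    }

    chain prerouting {
        # Same hook as iptables PREROUTING; 'raw' priority runs before conntrack.
        type filter hook prerouting priority raw; policy accept;

        # 1. Source already listed: refresh it with a 24h timeout.
        #    'update' re-adds an existing element (ipset's --exist);
        #    'add' would leave an existing element and its timeout untouched.
        ip saddr @wypad update @wypad { ip saddr timeout 24h }

        # 2. First contact on the trap ports, not from lo: list the source for 1h.
        #    Rule order matters: a first-time source reaches this rule only after
        #    failing rule 1, so it gets 1h now and 24h on its next packet.
        iifname != "lo" tcp dport { 22, 23, 3389 } add @wypad { ip saddr timeout 1h }

        # 3. Anything from a listed source is dropped.
        ip saddr @wypad drop
    }
}
```

Load it with `nft -f wypad.nft`, watch entries and their remaining timeouts with `nft list set inet wypad wypad`, and remove everything with `nft delete table inet wypad`. Because the set type is `ipv4_addr`, IPv6 sources are never listed; to cover them add a second set of type `ipv6_addr` and repeat the three rules with `ip6 saddr`.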