On Tue, Aug 06, 2019 at 05:00:00PM +0200, Laura Garcia wrote:
> On Tue, Aug 6, 2019 at 1:04 PM Trent W. Buck <trentbuck@xxxxxxxxx> wrote:
> >
> > I'm trying to hashlimit/recent in nftables. My old example rulesets are:
> >
> > http://cyber.com.au/~twb/doc/iptab
> > http://cyber.com.au/~twb/doc/iptab.ips (adds hashlimit/recent/CHAOS).
> >
> > My test nftables ruleset seems to be working:
> >
> > http://cyber.com.au/~twb/tmp/nftables-just-ips.nft
> >
> > These things confused me:
> >
> > * The wiki[1] says "the meter keyword is obsolete", but
> >   "man nft" (v0.9.1) and "iptables-translate" (v1.8.3) both still use it.
> >
> >   Is there a way to change a meter rule into a map rule?
> >   I can't work it out.
> >
> >   I tried variations on the examples at [1], but
> >   I got generic parse errors with nft v0.9.1 and linux 4.19 or 5.0.
> >
> > [1] https://wiki.nftables.org/wiki-nftables/index.php/Meters
> >
>
> Hi,
>
> I've updated the wiki page with some of your proposals and fixed some commands.
>
> As meters are a specific case of maps/sets, I guess that they'll be
> discarded some day.
>
> Cheers.

Hi,

I thought meters were unique in that the set underlying them gets added to by incoming traffic. Can maps/sets do that?

Also, can maps/sets duplicate the functionality of a meter with a counter? If you have one of those running for a while with no time-out, then nft list shows counts for each different IP connected to by the system (metering outbound connections, IIRC).

Cheers ... Duncan.
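An added example, not part of the original thread and not taken from any of the rulesets linked in it: the two meter uses discussed above (a hashlimit-style rate limit and a per-address counter) written as named sets that the packet path populates. The table, chain and set names are hypothetical, and the syntax is that of recent nft releases, so it may not parse on the v0.9.1 mentioned in the thread.

```nft
# Constructed example; all table, chain and set names are hypothetical.
table ip meter_demo {
    # Named set with "flags dynamic": elements are created from the
    # packet path by the rules below, not by "nft add element".
    set ssh_rate {
        type ipv4_addr
        size 65535
        flags dynamic,timeout
        timeout 1m
    }

    # No timeout, so entries persist and each one keeps its own counter.
    set out_seen {
        type ipv4_addr
        size 65535
        flags dynamic
    }

    chain input {
        type filter hook input priority 0; policy accept;
        # Counterpart of: meter ssh_rate { ip saddr limit rate over 10/minute } drop
        tcp dport 22 ct state new add @ssh_rate { ip saddr limit rate over 10/minute } drop
    }

    chain output {
        type filter hook output priority 0; policy accept;
        # Counterpart of: meter out_seen { ip daddr counter }
        ct state new add @out_seen { ip daddr counter }
    }
}
```

Listing the second set with `nft list set ip meter_demo out_seen` shows one element per destination address together with its packet and byte counts; the `size` value bounds how many addresses either set can hold.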