On Tue, Aug 6, 2019 at 8:21 PM Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx> wrote:
>
> I thought meters were unique in that the set underlying them gets added to by
> incoming traffic. Can maps/sets do that?
>
> Also can maps/sets duplicate the functionality of a meter with a counter?: if
> you have one of those running for a while with no time-out then nft list shows
> counts for each different IP connected to by the system (metering outbound
> connections IIRC)
>

Sure, something like:

table ip my_filter_table {
        set my_connlimit {
                type ipv4_addr
                size 65535
                flags dynamic
                elements = { counter packets 2 bytes 656 }
        }

        chain my_output_chain {
                type filter hook output priority filter; policy accept;
                ct state new add @my_connlimit { ip daddr counter } accept
        }
}