Re: nftables Won't Restore with Timeout/Expire

Hi Florian, et al,

I wanted to follow up on this discussion we had about 3 weeks back. Debian just dropped 0.9.2 in the repos and I upgraded.

The expires statement in the saved ruleset is no longer an issue as far as loading the ruleset goes (nft -f /etc/nftables.conf); there are no more errors. Thank you for fixing that!

However, the expires statement seems to be ignored instead of parsed. So, for example, let's say I have an IP address that expires in 10m. If I save the ruleset (nft list ruleset > /etc/nftables.conf) I can see that 'x.x.x.x expires 10m' is in /etc/nftables.conf as expected. Then when I flush and load the ruleset (nft -f /etc/nftables.conf; there is a 'flush ruleset' statement at the top of /etc/nftables.conf) it loads the IPs but resets the expiry time to the set default. So the IP that previously should have expired in 10m now expires in 2d (2d is my set default).

I wanted to confirm that this behavior is expected.

Thanks!
-MikeD
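A small check for the behaviour described in the post above, added here as an example and not code from the poster or from the nftables project: it parses the per-element "expires" values out of two "nft list ruleset" dumps (one taken before saving, one taken after "nft -f" reloaded the file) and prints every element whose remaining lifetime is longer after the reload than before it, which is exactly what happens when the saved expiry is discarded and the set's default timeout is applied instead. The dump format assumed is nft's textual "elements = { addr expires 9m59s, ... }" form (optionally with a per-element "timeout"); the sample dumps and addresses are constructed for the demo.

```shell
#!/bin/sh
# Detect set elements whose saved "expires" value was not restored by
# "nft -f" (remaining lifetime grew, i.e. reset to the set default).

# awk helper: convert an nft duration such as 1d23h59m59s412ms to seconds.
# Milliseconds are dropped; units d/h/m/s are summed.
AWK_TO_SECONDS='
function to_seconds(s,   total, num, i, c) {
    total = 0; num = ""
    gsub(/[0-9]+ms/, "", s)
    for (i = 1; i <= length(s); i++) {
        c = substr(s, i, 1)
        if (c ~ /[0-9]/) { num = num c; continue }
        if (c == "d") total += num * 86400
        else if (c == "h") total += num * 3600
        else if (c == "m") total += num * 60
        else if (c == "s") total += num
        num = ""
    }
    return total
}'

# Shell wrapper around the helper: nft_duration_seconds 9m59s -> 599
nft_duration_seconds() {
    printf '%s\n' "$1" | awk "$AWK_TO_SECONDS"'{ print to_seconds($1) }'
}

# Read an nft ruleset dump on stdin, print "address seconds" for every
# element carrying an "expires" value. Elements are split on commas so
# wrapped "elements = { ... }" lines are handled too.
nft_expires_seconds() {
    tr ',' '\n' | awk "$AWK_TO_SECONDS"'
    /expires/ {
        addr = ""
        for (j = 1; j <= NF; j++)
            if ($j != "elements" && $j != "=" && $j != "{") { addr = $j; break }
        for (i = 1; i < NF; i++)
            if ($i == "expires") print addr, to_seconds($(i + 1))
    }'
}

# reset_elements BEFORE_DUMP AFTER_DUMP
# Both arguments are the dump text itself (e.g. "$(cat saved.conf)" and
# "$(nft list ruleset)"). Prints addresses whose lifetime grew on reload.
reset_elements() {
    {
        printf '%s\n' "$1" | nft_expires_seconds | sed 's/^/before /'
        printf '%s\n' "$2" | nft_expires_seconds | sed 's/^/after /'
    } | awk '
        $1 == "before" { b[$2] = $3 }
        $1 == "after" && ($2 in b) && ($3 + 0) > (b[$2] + 0) { print $2 }
    '
}

# Constructed sample dumps (not output from any real system).
# Set default timeout is 2d; .10 and .30 had only minutes left when saved.
SAMPLE_BEFORE='table inet filter {
	set blocklist {
		type ipv4_addr
		flags timeout
		timeout 2d
		elements = { 192.0.2.10 expires 9m59s, 192.0.2.20 expires 1d23h59m,
			     192.0.2.30 timeout 10m expires 5m2s }
	}
}'
# After "nft -f": .10 and .30 came back with a full lifetime, .20 did not.
SAMPLE_AFTER='table inet filter {
	set blocklist {
		type ipv4_addr
		flags timeout
		timeout 2d
		elements = { 192.0.2.10 expires 1d23h59m59s, 192.0.2.20 expires 1d23h58m,
			     192.0.2.30 timeout 10m expires 9m59s }
	}
}'

# Demo run: prints 192.0.2.10 and 192.0.2.30
reset_elements "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```

On a live box the same call reads as `reset_elements "$(cat /etc/nftables.conf)" "$(nft list ruleset)"` right after the reload; any address it prints is one whose countdown was restarted rather than resumed, which for a blocklist means the entry stays active longer than intended.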
