On 23/01/2020 00:01, Mike Dillinger wrote:
I am running nftables 0.9.3 on Debian 10. Behind the Linux router, I have multiple clients, mostly Windows. Some of them would like to run an application such as Torrent but I'd like to limit the time that can happen. Ideally, I'd like to use a set within the nat table and have the access automatically expire after 4 hours. I have hit a brick wall and I don't see a straightforward way to do this since each nat entry needs a destination IP, inbound port, and destination port, yet sets only have a single one of those entries. I was leaning toward using a set because that's the only entry type that has automatic timeouts as far as I can tell.

Concatenations allow for set elements to be of a composite data type.

    type ipv4_addr . inet_service . inet_service

--
Kerin Millar