Hi,
I've created a ruleset that contains several dynamic sets with counters
that are incremented from the packet path using rules like:
    update @suspect { ip saddr counter }
After a while in operation, "nft list ruleset" produces output like:
    table ip ip_filter {
        set suspect {
            type ipv4_addr
            size 65535
            flags dynamic,timeout
            timeout 30d
            gc-interval 1d
            elements = { 1.2.3.4 expires 19d23h52m27s576ms counter packets 51
                         bytes 17265 }
        }
But "nft -f" then chokes when loading the saved ruleset, with
"Error: syntax error, unexpected counter, expecting comma or '}'".
For now I can use sed to blank the counter text before reloading the
ruleset (as after reboot). That's a bit clunky, and obviously loses the
counter values.
I do want to keep the dynamically-added elements across reboot. Is there
a better way to do so?
Thanks,
Frank
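
Added example, not part of the original message: one way to write the strip-before-reload workaround described above so that it only touches "elements = { ... }" blocks (rule counters in chains are kept) and tolerates the counter text wrapping across lines. The function name strip_element_counters, the sample chain and the file name in the usage comment are assumptions made for illustration; like the sed approach, it discards the per-element counter values.

```shell
#!/bin/sh
# Constructed sample: the set from the message plus a made-up chain.
SAMPLE_RULESET='table ip ip_filter {
    set suspect {
        type ipv4_addr
        size 65535
        flags dynamic,timeout
        timeout 30d
        gc-interval 1d
        elements = { 1.2.3.4 expires 19d23h52m27s576ms counter packets 51
                     bytes 17265 }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        update @suspect { ip saddr counter }
        ip saddr @suspect counter packets 3 bytes 180 drop
    }
}'

# Filter stdin -> stdout. Hypothetical usage:
#   nft list ruleset | strip_element_counters > saved.nft
strip_element_counters() {
    awk '
    # Drop "counter packets N bytes N" from s, allowing the tokens
    # to be separated by spaces, tabs or line breaks.
    function strip(s) {
        gsub(/[ \t\n]+counter[ \t\n]+packets[ \t\n]+[0-9]+[ \t\n]+bytes[ \t\n]+[0-9]+/, "", s)
        return s
    }
    # An element list starts here: buffer it until its closing brace.
    !inelem && /elements[ \t]*=[ \t]*[{]/ { inelem = 1; buf = "" }
    inelem {
        buf = (buf == "" ? $0 : (buf "\n" $0))
        if ($0 ~ /[}]/) { printf "%s\n", strip(buf); inelem = 0 }
        next
    }
    # Everything outside element lists passes through untouched.
    { print }
    # Unterminated element list: emit it unchanged rather than lose it.
    END { if (inelem) printf "%s\n", buf }
    '
}
```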