bug report and future request

Hi Netfilter team

First, is it possible to fix this:

You can delete the rule whose handle is 5 with the following command:
% nft delete rule filter output handle 5
Note: There are plans to support rule deletion by passing:
% nft delete rule filter output ip saddr 192.168.1.1 counter

but this is not yet implemented. So you'll have to use the handle to delete rules until that feature is implemented

This is from Docs:

https://wiki.nftables.org/wiki-nftables/index.php/Simple_rule_management#Removing_rules


If I have 1k rules:

table inet nft-qos-static {
        chain upload {
                type filter hook postrouting priority filter; policy accept;
                ip saddr 10.0.0.9 limit rate over 12 mbytes/second burst 50000 kbytes drop
                .........
                ip saddr 10.0.0.254 limit rate over 12 mbytes/second burst 50000 kbytes drop
        }


        chain download {
                type filter hook prerouting priority filter; policy accept;
                ip daddr 10.0.0.9 limit rate over 12 mbytes/second burst 50000 kbytes drop
                ........
                ip saddr 10.0.0.254 limit rate over 12 mbytes/second burst 50000 kbytes drop
        }
}

The problem is that it is not easy to delete the rule for IP 10.0.0.100 or others in the list.
If I use the handle, listing all rules (for example 4k) and parsing the handles every 10-15 sec will load the CPU.


And second:

Is it possible to use ppp* in this rule:

table inet filter {
        flowtable fastnat {
                hook ingress priority 0; devices = { eth0, ppp* };
        }

        chain forward {
                type filter hook forward priority 0; policy accept;
                ip protocol { tcp , udp } flow offload @fastnat;
        }
}


or vlan*? The problem is that on the system VLANs are brought up dynamically, or ppp is brought up automatically when a user connects.


If there are options to fix this and add these options, that would be great.

thanks in advance

Martin.
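
The handle-based deletion described in the quoted wiki text, as an added example that is not part of the original post or of nftables itself. It assumes the table and chain names from the post; the listing is constructed sample output, the function names are hypothetical, and the `# handle N` suffix on `nft -e -a add rule` output is assumed to match the listing format.

```shell
#!/bin/sh
# Added example, not from the original post. Table/chain names come from the
# post; function names are hypothetical. SAMPLE_LISTING is constructed output
# in the format of `nft -a list chain inet nft-qos-static upload`.
SAMPLE_LISTING='table inet nft-qos-static {
        chain upload { # handle 1
                type filter hook postrouting priority filter; policy accept;
                ip saddr 10.0.0.10 limit rate over 12 mbytes/second burst 50000 kbytes drop # handle 4
                ip saddr 10.0.0.100 limit rate over 12 mbytes/second burst 50000 kbytes drop # handle 5
                ip saddr 10.0.0.254 limit rate over 12 mbytes/second burst 50000 kbytes drop # handle 6
        }
}'

# Print the handle of the rule matching one address; listing on stdin.
# $1 = saddr|daddr, $2 = IPv4 address. Whole-field comparison, so
# 10.0.0.10 never matches the rule for 10.0.0.100. Exit 1 if not found.
handle_for_ip() {
    awk -v dir="$1" -v ip="$2" '
        $1 == "ip" && $2 == dir && $3 == ip && $(NF-1) == "handle" {
            print $NF; found = 1; exit
        }
        END { exit found ? 0 : 1 }'
}

# Extract the handle from the output of `nft -e -a add rule ...` on stdin,
# so it can be stored when the rule is created instead of re-listing later.
handle_from_echo() {
    sed -n 's/.*# handle \([0-9][0-9]*\)$/\1/p' | tail -n 1
}

# Print the delete command for a chain ($1) and handle ($2).
# Refuses any handle that is not a plain decimal number.
delete_cmd() {
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    printf 'nft delete rule inet nft-qos-static %s handle %s\n' "$1" "$2"
}

# Demo on the constructed listing: prints the command, does not run nft.
h=$(printf '%s\n' "$SAMPLE_LISTING" | handle_for_ip saddr 10.0.0.100) &&
    delete_cmd upload "$h"
```

On a live system the listing would come from `nft -a list chain inet nft-qos-static upload`, and the printed command would be run as root.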


