On Sunday, July 21st, 2024 at 02:58, Kerin Millar <kfm@xxxxxxxxxxxxx> wrote:
> As far as I am aware, it is impossible to add elements in a way that merely reset their expiry times in the case that they exist
'reset element' was added in 1.0.8, but requires kernel 6.5 or later:
nft add element inet xyz set_ipv4 '{ 1.0.0.1 expires 1h }'
sleep 10
nft reset element inet xyz set_ipv4 '{ 1.0.0.1 }'
nft get element inet xyz set_ipv4 '{ 1.0.0.1 }'
See https://bugzilla.netfilter.org/show_bug.cgi?id=1689
Eric
