Quoting Florian Westphal <fw@xxxxxxxxx>:
Michael Menge <michael.menge@xxxxxxxxxxxxxxxxxxxx> wrote:

I want to use a named set in nftables to restrict outgoing http(s) connections only to update servers. As the update servers are behind CDNs with multiple changing IPs I need to automatically update the named set. I discovered that "reset element" was added to the nft command which should enable me to reset the timeout without removing the IPs already in the set, and to keep a clean list of IPs.

No, you can update existing element timeouts:

    nft add element inet filter updatesv4 {1.2.3.4 timeout 1h expires 1h}

Even better. IMHO the wiki needs to be clarified.

Quoting https://wiki.nftables.org/wiki-nftables/index.php/Element_timeout :

timeout and expires parameters cannot be modified in this case. The element should be recreated again if you need to reset them.
Quoting Florian Westphal <fw@xxxxxxxxx>:
This should be the right fix, I will submit this formally later:

thx

-- 
Michael Menge                          Tel.: (49) 7071 / 29-70316
Universität Tübingen                   Fax.: (49) 7071 / 29-5912
Zentrum für Datenverarbeitung          mail: michael.menge@xxxxxxxxxxxxxxxxxxxx
Wächterstraße 76
72074 Tübingen
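
An added example (not from the thread or from the nftables project): building the single `add element` statement described above from a list of resolved addresses, so that new IPs are added and IPs already in the set get their timeout refreshed. The set `inet filter updatesv4` and the address 1.2.3.4 come from the thread; the other addresses, the function names and the 1h default are assumptions, and the resulting text is meant to be passed to `nft -f -`.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Return the IPv4 addresses DNS currently gives for hostname (needs network)."""
    infos = socket.getaddrinfo(hostname, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def build_refresh_batch(addresses, family="inet", table="filter",
                        set_name="updatesv4", timeout="1h"):
    """Build one 'add element' statement for the named set.

    Resolver output is untrusted text that ends up in firewall syntax, so
    every entry must parse as an IPv4 address before it is interpolated.
    Returns "" when no usable address remains.
    """
    valid = set()
    for raw in addresses:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            continue  # not a plain IPv4 address: drop it
        # An update server never lives on these ranges; do not open them.
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast or ip.is_link_local:
            continue
        valid.add(ip)  # the set removes duplicate answers
    if not valid:
        return ""
    elements = ", ".join(f"{ip} timeout {timeout} expires {timeout}"
                         for ip in sorted(valid))
    return f"add element {family} {table} {set_name} {{ {elements} }}\n"


# Constructed resolver answers: 1.2.3.4 is the address used in the thread,
# the rest are documentation-range or deliberately bad entries.
SAMPLE_ANSWERS = ["198.51.100.7", "1.2.3.4", "192.0.2.10", "1.2.3.4",
                  "127.0.0.1", "10.0.0.1 extra", "2001:db8::1", "not-an-address"]

if __name__ == "__main__":
    print(build_refresh_batch(SAMPLE_ANSWERS), end="")
```

In a cron job or timer, the list would come from `resolve_ipv4()` for each update hostname instead of `SAMPLE_ANSWERS`.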