* set ipv4_addr interval timeout?
From: James @ 2017-01-07 1:18 UTC
To: netfilter

http://git.netfilter.org/nftables/tree/src/parser_bison.y#n1171 (and especially #n1206 and #n1213)

would seem to indicate that the following should work... *is* it supposed to work?

uname -a
Linux pc 4.8.0-32-generic #34-Ubuntu SMP Tue Dec 13 14:30:43 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
nft --version
nftables v0.7 (Scrooge McDuck)
nft flush ruleset
nft list ruleset
nft add table inet firewall
nft add set inet firewall v4timeoutintervals { type ipv4_addr\; flags interval\; timeout 1h\; }
<cmdline>:1:1-89: Error: Could not process rule: Operation not supported
add set inet firewall v4timeoutintervals { type ipv4_addr; flags interval; timeout 1h; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Either interval or timeout alone works but interval and timeout together don't.

Basically, it seems that you can't use timeouts for subnets.

- James

* Re: set ipv4_addr interval timeout?
From: Pablo Neira Ayuso @ 2017-01-16 16:28 UTC
To: James; +Cc: netfilter
On Fri, Jan 06, 2017 at 08:18:11PM -0500, James wrote:
> http://git.netfilter.org/nftables/tree/src/parser_bison.y#n1171 (and especially #n1206 and #n1213)
>
> would seem to indicate that the following should work... *is* it supposed to work?
>
> uname -a
> Linux pc 4.8.0-32-generic #34-Ubuntu SMP Tue Dec 13 14:30:43 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> nft --version
> nftables v0.7 (Scrooge McDuck)
> nft flush ruleset
> nft list ruleset
> nft add table inet firewall
> nft add set inet firewall v4timeoutintervals { type ipv4_addr\; flags interval\; timeout 1h\; }
> <cmdline>:1:1-89: Error: Could not process rule: Operation not supported
> add set inet firewall v4timeoutintervals { type ipv4_addr; flags interval; timeout 1h; }
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Either interval or timeout alone works but interval and timeout together don't.
>
> Basically, it seems that you can't use timeouts for subnets.

Yes.

Combination of intervals and timeouts is not yet implemented. Please,
file a bug at netfilter's bugzilla so we can keep track of this
enhancement request:

https://bugzilla.netfilter.org/

Thanks!