On Thu, Jul 26, 2018 at 06:13:27PM +0200, Harsha Sharma wrote:
> This patch adds support for adding, listing and deleting ct timeout
> objects which can be assigned via rule to assign connection tracking
> timeout policies via objref infrastructure.
> 
> %nft add table filter
> %nft add chain filter output
> %nft add ct timeout filter test-tcp { protocol:tcp, established:132,
> close:13, close_wait:17 \; }

The syntax we discussed during NFWS is more like:

nft add ct timeout filter test-tcp { \
        protocol tcp; \
        policy = { established : 132, close:13, close_wait:17 } \;
}

Note that input (from command line) and output (when listing) should
be the same.

> %nft add rule filter output ct timeout set test-tcp
> %nft list ruleset
> 
> table ip filter {
>       ct timeout test-tcp {
>               protocol tcp
>               l3proto ip
>               established 132 close 13 close_wait 17

If I run:

        nft -f this-ruleset.nft

this doesn't work, so the parser looks incomplete/broken.