This morning I was using the `timeout` feature of nftables, but came
across an apparent limitation where I was not able to update an
element in a set's timeout value unless I removed the element from the
set.

Can it be possible to handle the element timeout value without needed
to remove it from a set?

[root@fedora29 vagrant]# nft add element inet filter myset {10.0.0.1
timeout 1m }
[root@fedora29 vagrant]# nft add element inet filter myset {10.0.0.1
timeout 10m }
[root@fedora29 vagrant]# nft list ruleset
table inet filter {
        set myset {
                type ipv4_addr
                flags timeout
                elements = { 10.0.0.1 timeout 1m expires 59s542ms }
        }
}

Reply via email to