Difference between revisions of "Ct timeout"

(Created initial page, using example from nftables 0.9.1 release notes.)
 

Latest revision as of 22:36, 7 April 2021

You can use a ct timeout object to specify a connection tracking timeout policy for a particular flow.

The partial ruleset below defines a ct timeout named agressive-tcp and then attaches it to a rule to override the default timeout policy for packets going to port tcp/8888:

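table inet ct_timeout_demo {

    # Named timeout policy object; values are in seconds.
    ct timeout agressive-tcp {
        l3proto ip;
        protocol tcp;
        policy = {established: 100, close_wait: 4, close: 4}
    }

    # Partial: no type/hook/priority line is shown, so as written this is a
    # regular chain that is only evaluated when another chain jumps to it.
    chain output {
        tcp dport 8888 ct timeout set "agressive-tcp"
    }
}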

Support for ct timeout was added in nftables 0.9.1.
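The following complete ruleset is an added example, not taken from the wiki page or the nftables release notes. It places the same `ct timeout set` statement in base chains so the rule is actually evaluated, and adds a UDP timeout object next to the TCP one. The table name, the object names, UDP port 5353, the prerouting chain and all timeout values are assumptions chosen for illustration.

```nft
# Added example: load with `nft -f <file>`. Names, ports and values are illustrative.
table inet ct_timeout_example {

    # Shorter TCP timeouts for one service; states not listed keep the
    # system-wide defaults. Values are in seconds.
    ct timeout short-tcp {
        l3proto ip;
        protocol tcp;
        policy = {established: 100, close_wait: 4, close: 4}
    }

    # UDP has only two conntrack states: unreplied and replied.
    ct timeout short-udp {
        l3proto ip;
        protocol udp;
        policy = {unreplied: 10, replied: 30}
    }

    # Locally generated traffic. Conntrack hooks at priority -200, so a
    # base chain at priority 0 sees packets that already have a conntrack entry.
    chain output {
        type filter hook output priority 0; policy accept;
        tcp dport 8888 ct timeout set "short-tcp"
        udp dport 5353 ct timeout set "short-udp"
    }

    # Inbound connections to the same TCP service.
    chain prerouting {
        type filter hook prerouting priority 0; policy accept;
        tcp dport 8888 ct timeout set "short-tcp"
    }
}
```

Because both objects declare `l3proto ip`, they apply to IPv4 flows only, even though the table is in the `inet` family.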