Element timeouts

From nftables wiki
Jump to: navigation, search

The set infrastructure support establishing timeouts. A given set element which is given a timeout will be deleted from the set after the timeout expires.

Example, with per-element timeout:

% nft add table inet filter
% nft add set inet filter myset {type ipv4_addr\; flags timeout\; }
% nft add element inet filter myset {10.0.0.1 timeout 10s }
% nft list ruleset
table inet filter {
	set myset {
		type ipv4_addr
		flags timeout
		elements = { 10.0.0.1 timeout 10s expires 8s}
	}
}

Among other things you can use this feature by Updating sets from the packet path.