http://wiki.nftables.org/wiki-nftables/index.php?action=history&feed=atom&title=Ct_expectationCt expectation - Revision history2026-05-13T17:45:37ZRevision history for this page on the wikiMediaWiki 1.43.6http://wiki.nftables.org/wiki-nftables/index.php?title=Ct_expectation&diff=861&oldid=prevFmyhr: Initial page, using example from nftables 0.9.2 release notes.2021-04-07T20:59:05Z<p>Initial page, using example from nftables 0.9.2 release notes.</p>
<p><b>New page</b></p><div>You can use a ''ct expectation'' object to create a [[Connection_Tracking_System|connection tracking]] expectation.<br />
<br />
The ruleset below creates an expectation on destination port tcp/5432 for each new connection to port tcp/8888. This expectation expires after 1 hour and the maximum number of expectations that are pending to be confirmed are 12.<br />
<br />
<source><br />
table ct_expect_demo {<br />
<br />
ct expectation e_pgsql {<br />
protocol tcp<br />
dport 5432<br />
timeout 1h<br />
size 12<br />
l3proto ip<br />
}<br />
<br />
chain input {<br />
type filter hook input priority filter;<br />
<br />
ct state new tcp dport 8888 ct expectation set "e_pgsql"<br />
ct state established,related counter accept<br />
}<br />
}<br />
</source><br />
<br />
Support for ''ct expectation'' was added in [https://marc.info/?l=netfilter&m=156621590113089&w=2 nftables&nbsp;0.9.2].</div>Fmyhr