Ct timeout

From nftables wiki
Revision as of 22:36, 7 April 2021 by Fmyhr (talk | contribs) (Created initial page, using example from nftables 0.9.1 release notes.)

You can use a ct timeout object to specify a connection tracking timeout policy for a particular flow.

The partial ruleset below defines a ct timeout named agressive-tcp and then attaches it to a rule to override the default timeout policy for packets going to port tcp/8888:

table inet ct_timeout_demo {

    ct timeout agressive-tcp {
        l3proto ip;
        protocol tcp;
        policy = {established: 100, close_wait: 4, close: 4}
    }

    chain output {
        # Base chain on the output hook. Priority 0 runs after the conntrack
        # lookup (priority -200), which "ct timeout set" needs: the policy is
        # attached to a new, not yet confirmed, conntrack entry, so it takes
        # effect on the first packet of a flow only. The hook line is added
        # here so the ruleset loads with "nft -f" as-is.
        type filter hook output priority 0; policy accept;
        tcp dport 8888 ct timeout set "agressive-tcp"
    }
}
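
The policy line above names only three TCP states. As an added illustration (not part of the wiki page or of the nftables project), the Python script below parses such a policy line and shows the effective per-state timeouts, with states the policy does not name falling back to the defaults. The default table is assumed to be the upstream kernel defaults (the values behind the nf_conntrack_tcp_timeout_* sysctls) and covers only those eight states; a tuned host may differ. Run on the sample line it makes the effect of the object visible: an idle established flow to tcp/8888 leaves the conntrack table after 100 seconds instead of 5 days, which bounds how long a half-dead connection holds a conntrack slot but will also evict legitimate idle sessions.

```python
import re

# Upstream kernel default TCP conntrack timeouts in seconds (assumed; these are
# the defaults behind /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_*).
TCP_DEFAULTS = {
    "syn_sent": 120,
    "syn_recv": 60,
    "established": 432000,  # 5 days
    "fin_wait": 120,
    "close_wait": 60,
    "last_ack": 30,
    "time_wait": 120,
    "close": 10,
}

POLICY_RE = re.compile(r"policy\s*=\s*\{(.*)\}")


def parse_policy(line):
    """Parse one `policy = {state: seconds, ...}` line from a ct timeout block.

    Returns {state: seconds}. Raises ValueError on malformed entries, unknown
    states (only the states in TCP_DEFAULTS are accepted) or duplicates.
    """
    m = POLICY_RE.search(line)
    if not m:
        raise ValueError("no policy assignment found: %r" % line)
    result = {}
    body = m.group(1).strip()
    if not body:
        return result
    for item in body.split(","):
        state, sep, value = item.partition(":")
        state, value = state.strip(), value.strip()
        if not sep or not state or not value.isdigit():
            raise ValueError("malformed policy entry: %r" % item.strip())
        if state not in TCP_DEFAULTS:
            raise ValueError("unknown tcp state: %r" % state)
        if state in result:
            raise ValueError("duplicate state: %r" % state)
        result[state] = int(value)
    return result


def is_valid_policy(line):
    """True when parse_policy() accepts the line."""
    try:
        parse_policy(line)
    except ValueError:
        return False
    return True


def effective_timeouts(policy):
    """Merge a parsed policy over the defaults: unnamed states keep the default."""
    merged = dict(TCP_DEFAULTS)
    merged.update(policy)
    return merged


def overrides(policy):
    """(state, default_seconds, new_seconds) for each state the policy changes."""
    return [(s, TCP_DEFAULTS[s], v) for s, v in policy.items() if v != TCP_DEFAULTS[s]]


# Constructed sample: the policy line of the agressive-tcp object above.
SAMPLE_LINE = "policy = {established: 100, close_wait: 4, close: 4}"

if __name__ == "__main__":
    pol = parse_policy(SAMPLE_LINE)
    print("state         default ->   new")
    for state, old, new in overrides(pol):
        print("%-12s %8d -> %5d s" % (state, old, new))
    print("unchanged:", sorted(s for s in effective_timeouts(pol) if s not in pol))
```

The `overrides()` report is the part worth reading before deploying such an object: every row is a state whose connections now expire sooner (or later) than the host default, so a too-small `established` value shows up here before it starts dropping idle but live sessions.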

Support for ct timeout was added in nftables 0.9.1.