Element timeouts

From nftables wiki
Revision as of 11:57, 5 January 2017 by Arturo (talk | contribs) (add pointer to Updating sets from the packet path)

The set infrastructure supports timeouts on set elements. A set element that is given a timeout is deleted from the set once that timeout expires.

Example, with per-element timeout:

% nft add table inet filter
% nft add set inet filter myset {type ipv4_addr\; flags timeout\; }
% nft add element inet filter myset {10.0.0.1 timeout 10s }
% nft list ruleset
table inet filter {
	set myset {
		type ipv4_addr
		flags timeout
		elements = { 10.0.0.1 timeout 10s expires 8s}
	}
}

Among other things, you can use this feature when Updating sets from the packet path.
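To check how long timed elements have left before they are removed, the `timeout` and `expires` values in the listing above can be parsed. The following is an added example, not part of the original wiki page or of nftables itself; the function names, the second sample element and the compound durations (`59m30s`, `8s404ms`) are assumptions made for illustration.

```python
import re

# Constructed sample in the format `nft list ruleset` prints above; the second
# element and the "59m30s" compound duration are made up for illustration.
SAMPLE = """\
table inet filter {
	set myset {
		type ipv4_addr
		flags timeout
		elements = { 10.0.0.1 timeout 10s expires 8s,
			     10.0.0.2 timeout 1h expires 59m30s }
	}
}
"""

MS_PER_UNIT = {"d": 86_400_000, "h": 3_600_000, "m": 60_000, "s": 1_000, "ms": 1}
DURATION = r"(?:\d+(?:ms|[dhms]))+"
SET_ELEMENTS = re.compile(r"\bset\s+(\S+)\s*\{[^{}]*\belements\s*=\s*\{([^{}]*)\}")
ELEMENT = re.compile(
    rf"(\S+)\s+timeout\s+({DURATION})(?:\s+expires\s+({DURATION}))?")


def to_seconds(duration):
    """Convert an nft duration such as '59m30s' or '8s404ms' to seconds."""
    parts = re.findall(r"(\d+)(ms|[dhms])", duration)
    return sum(int(n) * MS_PER_UNIT[unit] for n, unit in parts) / 1000


def element_timeouts(listing):
    """Return (set, element, timeout_s, remaining_s) for each timed element."""
    rows = []
    for set_name, elements in SET_ELEMENTS.findall(listing):
        for item in elements.split(","):
            m = ELEMENT.fullmatch(item.strip())
            if m is None:          # element without a timeout: never expires
                continue
            key, timeout, expires = m.groups()
            remaining = to_seconds(expires) if expires else None
            rows.append((set_name, key, to_seconds(timeout), remaining))
    return rows


def expiring_within(listing, seconds):
    """Elements whose remaining lifetime is at most `seconds`."""
    return [r for r in element_timeouts(listing)
            if r[3] is not None and r[3] <= seconds]


if __name__ == "__main__":
    for row in expiring_within(SAMPLE, 60):
        print(row)
```

On a live system, pass the text printed by `nft list ruleset` in place of `SAMPLE`.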