Element timeouts: Difference between revisions

From nftables wiki
Jump to navigation Jump to search
(Create page with a very basic syntax reference to element timeouts.)
 
(add pointer to Updating sets from the packet path)
Line 16: Line 16:
}
}
</source>
</source>
Among other things you can use this feature by [[Updating sets from the packet path]].

Revision as of 11:57, 5 January 2017

The set infrastructure support establishing timeouts. A given set element which is given a timeout will be deleted from the set after the timeout expires.

Example, with per-element timeout:

% nft add table inet filter
% nft add set inet filter myset {type ipv4_addr\; flags timeout\; }
% nft add element inet filter myset {10.0.0.1 timeout 10s }
% nft list ruleset
table inet filter {
	set myset {
		type ipv4_addr
		flags timeout
		elements = { 10.0.0.1 timeout 10s expires 8s}
	}
}

Among other things you can use this feature by Updating sets from the packet path.