Element timeouts

From nftables wiki
Revision as of 11:57, 5 January 2017 by Arturo (talk | contribs) (add pointer to Updating sets from the packet path)

The set infrastructure supports timeouts. A set element that is given a timeout is deleted from the set once the timeout expires.

Example, with per-element timeout:

% nft add table inet filter
% nft add set inet filter myset {type ipv4_addr\; flags timeout\; }
% nft add element inet filter myset {10.0.0.1 timeout 10s }
% nft list ruleset
table inet filter {
	set myset {
		type ipv4_addr
		flags timeout
		elements = { 10.0.0.1 timeout 10s expires 8s}
	}
}

Among other things, you can use this feature when Updating sets from the packet path.
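To check how long the entries of a timeout set have left (for example, when the set holds temporary block or allow entries), the `nft list ruleset` text shown above can be parsed. The Python below is an added example, not part of the wiki page or of nftables. Its function names, the duration units it accepts (d, h, m, s, ms) and the sample elements other than 10.0.0.1 are assumptions.

```python
import re

# Units assumed to appear in nft durations such as "10s", "1h30m" or "9s996ms".
UNIT_MS = {"d": 86_400_000, "h": 3_600_000, "m": 60_000, "s": 1_000, "ms": 1}
DURATION = re.compile(r"(\d+)(ms|d|h|m|s)")
SET_ELEMENTS = re.compile(r"\bset\s+(\S+)\s*\{[^{}]*?elements\s*=\s*\{([^}]*)\}")
ELEMENT = re.compile(r"^(.*?)(?:\s+timeout\s+(\S+))?(?:\s+expires\s+(\S+))?$")

def duration_ms(text):
    """Convert an nft duration string to milliseconds, rejecting stray characters."""
    pos = total = 0
    for m in DURATION.finditer(text):
        if m.start() != pos:
            break
        total += int(m.group(1)) * UNIT_MS[m.group(2)]
        pos = m.end()
    if not text or pos != len(text):
        raise ValueError(f"unparseable duration: {text!r}")
    return total

def parse_timeouts(listing):
    """Return (set, element, timeout_ms, expires_ms) rows; None means no timeout."""
    rows = []
    for set_name, body in SET_ELEMENTS.findall(listing):
        for item in filter(None, (i.strip() for i in body.split(","))):
            key, timeout, expires = ELEMENT.match(item).groups()
            rows.append((set_name, key,
                         duration_ms(timeout) if timeout else None,
                         duration_ms(expires) if expires else None))
    return rows

def expiring_within(rows, window_ms):
    """Elements whose remaining lifetime is at most window_ms."""
    return [(s, k) for s, k, _, exp in rows if exp is not None and exp <= window_ms]

# Constructed sample: the listing from this page plus two made-up elements.
SAMPLE = """table inet filter {
    set myset {
        type ipv4_addr
        flags timeout
        elements = { 10.0.0.1 timeout 10s expires 8s,
                     10.0.0.2 timeout 1h30m expires 1h29m58s500ms,
                     10.0.0.3 }
    }
}
"""

if __name__ == "__main__":
    print(expiring_within(parse_timeouts(SAMPLE), 60_000))
```

An element listed without `timeout` or `expires` is reported with `None` for both fields, so it is never counted as about to expire.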