List: netfilter
Subject: Re: A few questions concerning the "nft set" syntax
From: Mikhail Morfikov <mmorfikov () gmail ! com>
Date: 2019-03-06 12:02:32
Message-ID: 1f362192-1280-f9f2-3836-ce68df0ba493 () gmail ! com
On 26/02/2019 16:54, Mikhail Morfikov wrote:
> I'm in the middle of reading the nft manual concerning the "nft set" syntax,
> and I wanted to ask a few questions to clarify some things I can't figure
> out.
>
> 1. What is the "mark" set type? I understand the other types, but I don't
> really know how I would use this one.
> 2. What are flags? There are "constant", "interval" and "timeout", but
> there's no info on what they do. So what's the difference between them?
> 3. There's a "timeout flag" and also a regular "timeout". What's the
> difference between them?
> 4. In the case of "size", we can read the following: "maximum number of
> elements in the set, mandatory if set is added to from the packet path
> (ruleset)". What does "from the packet path (ruleset)" really mean?
> 5. The next thing is "policy", which can be one of "performance" and
> "memory". What does the policy do? The default is the first one. What
> if I set the other one? What will change?
>
>
Any info on this?