[Bug 1467] New: [sets] support adaptive (escalating) rule(s)

bugzilla-daemon at netfilter.org
Wed Sep 23 12:13:26 CEST 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1467

            Bug ID: 1467
           Summary: [sets] support adaptive (escalating) rule(s)
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: vtolkm at gmail.com

Once bug #1466 is sorted, consider support for adaptive (escalating) rule(s)
based on element counters, e.g.

* if { saddr counter N } then { set element timeout } multiply by or add
timeout factor (N1)
* if { saddr counter N *|+ N1 } then lookup saddr's cidr in geoip db and update
saddr to cidr range
* if { saddr cidr range counter N } then lookup saddr cidr range in geoip db
and update saddr to ASN
* if { saddr ASN counter N } then lookup ASN in geoip db and update saddr to
ISP's ASN range

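The escalation ladder requested in the report, modelled in userspace as an added example; it is not nftables code and not part of the original report. `GEO_DB`, the values of `N`, `N1` and `BASE_TIMEOUT`, and the `AdaptiveSet` class are constructed assumptions. The model covers the first three steps (timeout increase, address to CIDR, CIDR to ASN), treats `N1` as a multiplier, and does not simulate timeout expiry.

```python
import ipaddress

# Constructed stand-in for a geoip database: prefix -> ASN
# (documentation prefixes and private-use ASNs, not real data).
GEO_DB = {
    "198.51.100.0/25": 64500,
    "198.51.100.128/25": 64500,
    "203.0.113.0/24": 64501,
}
N = 3              # hits before an entry escalates (the report's N)
N1 = 4             # timeout factor (the report's N1), used as a multiplier here
BASE_TIMEOUT = 60  # seconds, assumed starting element timeout

def cidr_of(saddr):
    """Return the GEO_DB prefix containing saddr, or None if unknown."""
    ip = ipaddress.ip_address(saddr)
    return next((p for p in GEO_DB if ip in ipaddress.ip_network(p)), None)

class AdaptiveSet:
    """Hypothetical model: entries keyed by (level, value)."""
    def __init__(self):
        self.entries = {}  # (level, value) -> {"hits": int, "timeout": int}

    def _covering(self, saddr):
        # Prefer the widest existing entry that already covers this source.
        prefix = cidr_of(saddr)
        for key in (("asn", GEO_DB.get(prefix)), ("cidr", prefix)):
            if key in self.entries:
                return key
        return ("addr", saddr)

    def _promote(self, old, new):
        # Replace an entry with a wider one, carrying the timeout over.
        timeout = self.entries.pop(old)["timeout"]
        self.entries[new] = {"hits": 0, "timeout": timeout}
        return new

    def hit(self, saddr):
        """Count one match for saddr; return (entry key, timeout in effect)."""
        key = self._covering(saddr)
        e = self.entries.setdefault(key, {"hits": 0, "timeout": BASE_TIMEOUT})
        e["hits"] += 1
        level, value = key
        if level == "addr" and e["hits"] == N:
            e["timeout"] *= N1                                  # step 1
        elif level == "addr" and e["hits"] == N * N1 and cidr_of(saddr):
            key = self._promote(key, ("cidr", cidr_of(saddr)))  # step 2
        elif level == "cidr" and e["hits"] == N:
            key = self._promote(key, ("asn", GEO_DB[value]))    # step 3
        return key, self.entries[key]["timeout"]
```

A source with no `GEO_DB` match stays at the single-address level, so a gap in the lookup data never widens a block.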