[Bug 1716] The -s option does not always exclude stateful information for sets
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Wed Oct 25 16:08:14 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1716
--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Added Phil to Cc.
(In reply to Pablo Neira Ayuso from comment #1)
> Not related to this report but it should be possible to strip off 'timeout'
> when it is the same as the default set timeout, to avoid repetitive printing
> of the same timeout for every element, ie. only expires would be shown. In
> such case, if -s/--stateful is specified, then expires would not be not
> shown.
>
> For the record, 'expires' is stripped off from -s/--stateful since:
>
> commit 37988cf255e51efba0d81dbc43eb4f0a41e99813
> Author: Varsha Rao <rvarsha016 at gmail.com>
> Date: Tue Jun 6 11:55:40 2017 +0530
>
> src: Remove expire information from list stateless ruleset.
Hm, -s/--stateful skips 'expires' in the listing.
I had a recent discussion with Phil on what 'nft reset' should be resetting.
Now 'nft reset' only resets stateful objects that are declared in the ruleset,
not timeouts.
Probably this needs to be changed to get things aligned and provide an option
not to print the 'expires' part of the timeout to keep things consistent.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20231025/546b21b5/attachment.html>
More information about the netfilter-buglog
mailing list