<html>

    <head>

      <base href="https://bugzilla.netfilter.org/" />

    </head>

    <body><span class="vcard"><a class="email" href="mailto:pablo@netfilter.org" title="Pablo Neira Ayuso <pablo@netfilter.org>"> <span class="fn">Pablo Neira Ayuso</span></a>

</span> changed

              <a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED FIXED - nft dump invalid (flow table)"

   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1140">bug 1140</a>

          <br>

             <table border="1" cellspacing="0" cellpadding="8">

          <tr>

            <th>What</th>

            <th>Removed</th>

            <th>Added</th>

          </tr>

         <tr>

           <td style="text-align:right;">Resolution</td>

           <td>---

           </td>

           <td>FIXED

           </td>

         </tr>

         <tr>

           <td style="text-align:right;">Status</td>

           <td>NEW

           </td>

           <td>RESOLVED

           </td>

         </tr></table>

      <p>

        <div>

            <b><a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED FIXED - nft dump invalid (flow table)"

   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1140#c6">Comment # 6</a>

              on <a class="bz_bug_link 

          bz_status_RESOLVED  bz_closed"

   title="RESOLVED FIXED - nft dump invalid (flow table)"

   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1140">bug 1140</a>

              from <span class="vcard"><a class="email" href="mailto:pablo@netfilter.org" title="Pablo Neira Ayuso <pablo@netfilter.org>"> <span class="fn">Pablo Neira Ayuso</span></a>

</span></b>

        <pre>Flow table syntax is deprecated these days, see:

<a href="https://wiki.nftables.org/wiki-nftables/index.php/Meters">https://wiki.nftables.org/wiki-nftables/index.php/Meters</a>

This still works for backward compatibility though, even if it's not the

preferred way to instantiate these dynamic sets.

A quick test says this is working:

# cat /tmp/x.nft

flush ruleset

table inet filter {

  chain input {

    type filter hook input priority 0;

    ip protocol icmp flow table i4 { icmp type counter } accept

    ip6 nexthdr icmpv6 flow table i6 { icmpv6 type counter } accept

  }

}

# nft -f /tmp/x.nft

# nft list ruleset > /tmp/y.nft

# nft flush ruleset 

# nft -f /tmp/y.nft

# nft list ruleset

table inet filter {

        chain input {

                type filter hook input priority filter; policy accept;

                ip protocol icmp meter i4 size 65535 { icmp type counter }

accept

                ip6 nexthdr ipv6-icmp meter i6 size 65535 { icmpv6 type counter

} accept

        }

}

Closing this old bug.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are watching all bug changes.</li>

      </ul>

    </body>

</html>