[Bug 1725] New: Updating and destroying set elements
bugzilla-daemon at netfilter.org
Mon Nov 13 16:33:12 CET 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1725
Bug ID: 1725
Summary: Updating and destroying set elements
Product: nftables
Version: 1.0.x
Hardware: All
OS: other
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: xnoreq at gmail.com
nftables 1.0.9
Archlinux 6.5.9-arch2-1
Currently, it does not seem to be possible to update elements for a set defined
like this:
table ip raw {
	set BLACKLIST {
		type ipv4_addr
		size 1024
		timeout 30d
	}
}
with something like:
nft update element ip raw BLACKLIST '{ a.b.c.d timeout 10s }'
Instead, a hack like this is required:
nft add element ip raw BLACKLIST '{ a.b.c.d }'
nft delete element ip raw BLACKLIST '{ a.b.c.d }'
nft add element ip raw BLACKLIST '{ a.b.c.d timeout 10s }'
The delete is required such that the add can set the updated timeout.
The first add is necessary to prevent delete from failing in case the element
did not exist before.
Can we have an update command please? That would make this a lot easier.
Also, there seems to be a "destroy" for entire sets. IMO, it would also make
sense to have the same for set elements, like so:
nft destroy element ip raw BLACKLIST '{ a.b.c.d }'
Interestingly, in chapter SETS the man page specifies
{add | delete | destroy} element
but this fails if the element does not exist:
nft destroy element ip raw BLACKLIST '{ a.b.c.d }'
Error: Could not process rule: No such file or directory
destroy element ip raw BLACKLIST { a.b.c.d }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In the chapter elements the man page specifies
{add | create | delete | destroy | get | reset } element
but does not describe most of these operations.
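Added example (not from the report or the nftables project): a small Python helper that implements the add/delete/add workaround described above, but inspects the set with `nft -j list set` first so the delete is only issued when the element is actually present. It assumes the libnftables JSON element layout shown in the constructed sample listing, and running it for real requires privileges to invoke nft.

```python
import json
import subprocess
from typing import Callable, List, Tuple

# Constructed sample of `nft -j list set ip raw BLACKLIST` (assumption: the
# libnftables JSON schema wraps elements that carry a timeout as
# {"elem": {"val": ..., "timeout": ..., "expires": ...}}; plain ones are bare).
SAMPLE_LISTING = json.dumps({"nftables": [{"set": {
    "family": "ip", "table": "raw", "name": "BLACKLIST", "type": "ipv4_addr",
    "size": 1024, "timeout": 2592000,
    "elem": [{"elem": {"val": "192.0.2.10", "timeout": 2592000, "expires": 86400}},
             "192.0.2.11"]}}]})

def run_nft(argv: List[str]) -> Tuple[int, str]:
    # Default runner: execute nft and return (exit status, stdout).
    p = subprocess.run(argv, capture_output=True, text=True)
    return p.returncode, p.stdout

def set_elements(listing_json: str, name: str) -> dict:
    """Map each element of set `name` to its remaining seconds (None: no timeout)."""
    elems: dict = {}
    for obj in json.loads(listing_json)["nftables"]:
        s = obj.get("set")
        if not s or s.get("name") != name:
            continue
        for e in s.get("elem", []):
            if isinstance(e, dict) and "elem" in e:
                elems[str(e["elem"]["val"])] = e["elem"].get("expires")
            else:
                elems[str(e)] = None
    return elems

def upsert_timeout(family: str, table: str, name: str, addr: str, timeout: str,
                   run: Callable[[List[str]], Tuple[int, str]] = run_nft) -> List[List[str]]:
    """Give `addr` a fresh `timeout` whether or not it is already in the set.
    Returns the argv of every nft invocation made (useful for audit and tests)."""
    ran: List[List[str]] = []
    def nft(*args: str) -> Tuple[int, str]:
        argv = ["nft", *args]
        ran.append(argv)
        return run(argv)
    rc, listing = nft("-j", "list", "set", family, table, name)
    if rc != 0: raise RuntimeError("cannot list set %s %s %s" % (family, table, name))
    if addr in set_elements(listing, name):
        # 'add' leaves an existing element's timeout untouched, so drop it first; a
        # delete failing because it expired meanwhile is tolerated, the add recreates it.
        nft("delete", "element", family, table, name, "{ %s }" % addr)
    rc, _ = nft("add", "element", family, table, name, "{ %s timeout %s }" % (addr, timeout))
    if rc != 0: raise RuntimeError("adding %s to %s failed" % (addr, name))
    return ran
```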