On 15. apríla 2025 14:39:20 UTC, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: >https://git.netfilter.org/nftables/commit/?id=da0bac050c8b2588242727f9915a1ea8bc48ceb2 Thanks, but i still do not understand, consider this set: table inet filter { set testset { type ipv4_addr flags interval,timeout auto-merge timeout 1m } } Now i add one network, and one or two seconds later second network:: nft add element inet filter testset "{ 192.168.1.0/24 }" sleep 1 nft add element inet filter testset "{ 192.168.2.0/24 }" Currently (1.0.6), they are merged with timeout reset:: table inet filter { set testset { ... elements = { 192.168.1.0-192.168.2.255 expires XY } } } What will be result with new behavior? Will be both (not merged) in set, each with different timeout/expires? Another example is to add subnet of existing element, currently the new subnet is not added (or is merged into existing without timeout change). How it will work with this new behavior? Will be both in set? Or error happens? Or something other? regards -- Slavko https://www.slavino.sk/
