sontu mazumdar <sontu21@xxxxxxxxx> wrote:
> I am exploring whether it's possible to add logging support at the
> element level within an nftables set. Specifically, I'm looking for
> functionality where an individual element in a set can trigger a log
> when it's matched—something like the following:
>
> table inet mytable {
> set s {
> typeof ip saddr
> counter
> elements = { 1.1.1.1 log prefix "element1" level info,
> 1.1.1.3 log prefix "element2" level info }
> }
> }
Could be done, however, typically "log" is combined with "limit" to
prevent log flooding.
> I understand that nftables sets currently do not support logging at
> the element level. Is there any plan to introduce this feature in
> future releases?
Not that I know of. Whats your use case?
