-rw-r--r--src/parser_bison.y11
-rwxr-xr-xtests/shell/testcases/sets/0062set_connlimit_014
2 files changed, 25 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index cc477e65..0a3adbe8 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4188,6 +4188,17 @@ set_elem_stmt : COUNTER close_scope_counter
$$->limit.type = NFT_LIMIT_PKT_BYTES;
$$->limit.flags = $3;
}
+ | CT COUNT NUM close_scope_ct
+ {
+ $$ = connlimit_stmt_alloc(&@$);
+ $$->connlimit.count = $3;
+ }
+ | CT COUNT OVER NUM close_scope_ct
+ {
+ $$ = connlimit_stmt_alloc(&@$);
+ $$->connlimit.count = $4;
+ $$->connlimit.flags = NFT_CONNLIMIT_F_INV;
+ }
;
set_elem_expr_option : TIMEOUT time_spec
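Review bot: Both new alternatives store the NUM value straight into `connlimit.count` (`$$->connlimit.count = $3;` and `= $4;`) with no range check. If NUM carries a wider integer than the count field (neither type is visible in this hunk), an oversized value would be silently truncated, and the per-element connection limit actually loaded would differ from the one written in the ruleset. Consider rejecting out-of-range values before the assignment, e.g. `if ($3 > UINT32_MAX) { erec_queue(error(&@3, "value too large"), state->msgs); YYERROR; }`, assuming the field is 32-bit, with the same check on `$4` in the `OVER` alternative. The set_elem_stmt rule begins above this hunk, so any existing validation elsewhere in the rule is not visible here.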
diff --git a/tests/shell/testcases/sets/0062set_connlimit_0 b/tests/shell/testcases/sets/0062set_connlimit_0
new file mode 100755
index 00000000..4f95f383
--- /dev/null
+++ b/tests/shell/testcases/sets/0062set_connlimit_0
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip x {
+ set est-connlimit {
+ type ipv4_addr
+ size 65535
+ flags dynamic
+ elements = { 84.245.120.167 ct count over 20 }
+ }
+}"
+
+$NFT -f - <<< $RULESET
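Review bot: The test covers only the `over` form and only checks that loading succeeds. The plain `ct count NUM` alternative added in the grammar is never parsed, and nothing confirms that the inversion flag survives a list round-trip. Adding a second element without `over` and comparing the `$NFT list ruleset` output against the expected text would catch a dropped or misapplied `NFT_CONNLIMIT_F_INV`. The here-string should also quote the variable, `$NFT -f - <<< "$RULESET"`, so the ruleset reaches nft with its newlines intact regardless of bash version.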