From: Tom Hughes <tom@compton.nu>
Date: Sun, 5 Mar 2023 20:39:23 +0000 (+0000)
Subject: Don't expire connection limit sets
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/5f3a5421476c68027c50b821916585ab01f0efa1

Don't expire connection limit sets
---

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 325e7740a..7fc46cff2 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -52,7 +52,9 @@ table inet filter {
     type ipv6_addr
 <%- end %>
     flags dynamic
+<%- unless set.start_with?("connlimit-") %>
     timeout 120s
+<%- end %>
   }
 
 <%- end %>