From 5f3a5421476c68027c50b821916585ab01f0efa1 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 5 Mar 2023 20:39:23 +0000
Subject: [PATCH] Don't expire connection limit sets

---
 cookbooks/networking/templates/default/nftables.conf.erb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 325e7740a..7fc46cff2 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -52,7 +52,9 @@ table inet filter {
     type ipv6_addr
 <%- end %>
     flags dynamic
+<%- unless set.start_with?("connlimit-") %>
     timeout 120s
+<%- end %>
   }
 
 <%- end %>
-- 
2.39.5