On Mon, May 20, 2013 at 03:00:43PM +0200, Pablo Neira Ayuso wrote:
> * One transaction comes in one batch packet composed of several
>   netlink messages from user-space.
>
> * All rule updates are handled as transactions.
>
> * No need for explicit begin, commit and abort commands.

We seem to need an explicit commit operation, we still have to support
iptables-restore -t, in that case the rule-set update is not applied.
This is supported with the current approach but this RFC does not cover
that case.

I'm going to give it another try to re-spin to this.