Re: [nftables PATCH] rule: display rule handle as comment

On Wed, May 22, 2013 at 03:53:26PM +0200, Jesper Dangaard Brouer wrote:
> 
> On Tue, 21 May 2013, Eric Leblond wrote:
> 
> >Knowing the rule handle is necessary to be able to delete a single
> >rule. It was not displayed till now in the output and it was thus
> >impossible to remove a single rule.
> 
> The current iptables system supports deleting a specific rule by
> simply specifying iptables -D [...] instead of equivalent iptables
> -A [...]
> 
> Would it be possible to keep this semantics in nftables?

Yes, I wanted to add that feature myself. Implementation would be similar
to what we do in iptables, IOW we'd compare either the netlink commands
constructed from the rule specification or the internal expression
representation, whatever seems better suited.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html