On Mon, Jul 01, 2013 at 09:43:19PM -0700, Maciej Żenczykowski wrote: > I haven't looked at the patch, but I'm guessing there should be a way > to disable this. Why? Today the behavior is random. If you added a NAT table rule before a FORWARD table rule, the NAT rules would be at the bottom of the iptables-save output. You're suggesting that completely random behavior should be the _default_? Isn't deterministic behavior a better default? Phil -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
