On Thu, Oct 03, 2013 at 01:16:33AM +0200, Eric Leblond wrote:
> This patch makes use of the new nft_rule_nlmsg_build_id function
> from libnftables for the delete operation. This lowers the size
> of the netlink message sent to kernel when flushing the rules.

I think we can simplify the flush operation with a small change in
nf_tables_delrule. The idea is to delete all rules if no chain is
specified.

The current approach is pretty time consuming, as we have to fetch
the ruleset from the kernel, iterate over it and build the message to
delete them.

Would you send me patches to follow this approach?