Actually, after your patch and Arturo's, it could be possible to improve the ruleset management so it would use create/add/replace accordingly.
Though it means it would need to first dump the targeted tables/chains to do so, thus I am not sure how relevant my blabbering is from a performance point of view.

How would that work? Dumping rules, flushing the old ones and reinstalling them is prone to race conditions.

There would be no flushing involved.
Comparing the dump vs the input ruleset, you would know what to remove/replace/add.
But maybe there is no benefit from that anyway.

Tomasz
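
The comparison described in this thread (dump versus input ruleset, yielding create/add/replace/remove with no flush), as an added example that is not code from the patches or from nft. It assumes rules are modelled as plain strings and addressed by their position in the dumped chain rather than by kernel handle; `plan_changes` and the sample rulesets are hypothetical.

```python
from difflib import SequenceMatcher


def plan_changes(dumped, wanted):
    """Return the operations that turn the dumped chains into the wanted ones.

    Both arguments map a (table, chain) pair to its ordered list of rules.
    Only chains named in `wanted` are targeted; other dumped chains are left alone.
    Positions always refer to the dumped chain (assumption: a stand-in for handles).
    """
    ops = []
    for chain in sorted(wanted):
        old, new = dumped.get(chain, []), wanted[chain]
        if chain not in dumped:
            ops.append(("create", chain))
        matcher = SequenceMatcher(a=old, b=new, autojunk=False)
        for tag, i1, i2, j1, j2 in matcher.get_opcodes():
            if tag == "equal":
                continue  # unchanged rules stay loaded, so nothing is flushed
            paired = min(i2 - i1, j2 - j1)
            for k in range(paired):  # old rule swapped for a new one in place
                ops.append(("replace", chain, i1 + k, new[j1 + k]))
            for i in range(i1 + paired, i2):  # old rules with no counterpart
                ops.append(("remove", chain, i))
            for j in range(j1 + paired, j2):  # new rules, inserted before old[i2]
                ops.append(("add", chain, i2, new[j]))
    return ops


# Constructed sample data: a dump of the loaded ruleset and the input ruleset.
DUMPED = {
    ("filter", "input"): ["ct state established accept", "tcp dport 22 accept",
                          "tcp dport 23 accept", "drop"],
}
WANTED = {
    ("filter", "input"): ["ct state established accept", "tcp dport 22 accept",
                          "tcp dport 443 accept", "drop"],
    ("filter", "forward"): ["drop"],
}

if __name__ == "__main__":
    for op in plan_changes(DUMPED, WANTED):
        print(op)
```

The resulting operations still have to be applied as one transaction; the comparison only decides which rules are touched.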