Re: nftables add vs replace

On Wed, Jan 22, 2014 at 10:17:25AM +0100, Pablo Neira Ayuso wrote:
> On Wed, Jan 22, 2014 at 08:54:40AM +0000, Patrick McHardy wrote:
> > > 
> > > I think we need to add a new flush operation with the new semantics
> > > and keep the old one, at least the compat layer needs a flush
> > > operation that leaves all chain objects intact to imitate iptables -F.
> > 
> > How about:
> > 
> > flush table: flushes everything, removes chains and sets
> 
> This is what Arturo has been asking for his new import/export feature.

Right, but IMO this is not what it should be used for since the import
should most likely perform an atomic replace. 

> > flush chains: flushes rules within all chains (iptables -F)
> > flush chain: flushes rules within a chain
> 
> This last one also allows -F tablename. There's code for these two, so
> I think we only need the "massive destruction" flush mode :)

Yep. I can look into this, probably next week.