On 2. Februar 2014 23:57:34 GMT+00:00, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: >On Wed, Jan 29, 2014 at 12:34:12PM +0100, Patrick Schaaf wrote: >> Hi Pablo, >> >> another useful feature of ipset is that the same set is usable in the >> filter, nat, and mangle tables. >> >> If I'm not mistaken, sets in nftables are right now scoped within a >table, >> so I could not reuse them in that fashion. > >The table <-> set link is currently needed to check for loops if >verdict maps are used. But AFAICS, for sets with no verdict maps using >jump to chain, this limitation could be removed. I'll add this to my >TODO list. While this might be useful, I don't think it justifies more than minor code changes since the user can just as well only use a single table. Regarding TODO lists, I think it would be good to put the bigger items in the nftables TODO list. I'll start by cleaning it up and adding my current items. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
