On Thursday 2014-08-14 16:09, Holger Eitzenberger wrote:
>
>For case 2) the behaviour is unexpected: when using iptables-restore
>to update an already existing hashtable <NAME> the updates are
>ignored.

Well, in a way, this is expected. If ruletable A references hashtable G and you restore ruletable B also referencing G, you don't necessarily want to clear out G.

The sensible fix is to have atomic replace of the entire ruleset compassing all ruletables. Then, since all ruletables are going to get replaced, replacing G with new parameters is also permissible.

At which point you may just question why the archaic concept of separate ruletables was carried over to nf_tables; compatibility for iptables to know which chain belongs to which table is just another label on the object of a (modern) chain.