On Wednesday 2014-12-17 20:54, Jörg Thalheim wrote: >+ >+nft_clear_table() { >+ @sbindir@nft flush table "$1" "$2" >+ @sbindir@nft list table "$1" "$2" \ >+ | awk '/^[ \t]+chain/{ print $2 }' \ >+ | xargs -r -L 1 @sbindir@nft delete chain "$1" "$2" >+ @sbindir@nft list sets "$1" "$2" \ >+ | awk '/^[ \t]+set/{ print $2 }' \ >+ | xargs -r -L 1 @sbindir@nft delete set "$1" "$2" >+} Loading an empty ruleset would be a lot better (and likely faster too) - iptables was able to do that. >+nft_delete_table() { >+ nft_clear_table "$1" "$2" >+ if @sbindir@nft list table "$1" "$2" > /dev/null >+ then >+ @sbindir@nft delete table "$1" "$2" >+ fi >+} This too should perhaps become some single step in some way. >+nft_clear_protocol() { >+ for T in $(@sbindir@nft list tables "$1" | cut -d ' ' -f 2) >+ do >+ nft_delete_table "$1" "$T" >+ done >+} as should this.
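Review bot: nft_clear_table() never checks the exit status of `@sbindir@nft flush table "$1" "$2"`, so when the flush fails the two list/delete pipelines still run against the same family and table; return early instead, e.g. `@sbindir@nft flush table "$1" "$2" || return`. The chain and set names are taken from the human-readable listing with `awk '/^[ \t]+chain/{ print $2 }'` and `awk '/^[ \t]+set/{ print $2 }'`, which ties the function to the indentation and keyword layout of that output and also matches any indented line that merely begins with those letters; anchor the patterns on the whole keyword (`chain` followed by whitespace). Every call is written `@sbindir@nft` with no `/` between the directory and the binary, so it is worth confirming that the substituted value ends in a slash.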
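Review bot: nft_delete_table() tests whether the table exists only after `nft_clear_table "$1" "$2"` has already run its flush, list and delete commands against it, so a missing table produces a series of failed nft calls before the check is reached. Move the `@sbindir@nft list table "$1" "$2"` test to the top of the function and return when it fails, and redirect stderr as well (`> /dev/null 2>&1`), since the current `> /dev/null` silences only standard output.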
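Review bot: the `for T in $(@sbindir@nft list tables "$1" | cut -d ' ' -f 2)` loop in nft_clear_protocol() leaves the command substitution unquoted, so the table names go through word splitting and pathname expansion before they reach nft_delete_table, and `T` is set as a global in the calling script. Reading the listing line by line avoids both the expansion and the dependence on single-space separation, e.g. `@sbindir@nft list tables "$1" | while read -r _ T _; do nft_delete_table "$1" "$T"; done`. The return status of nft_delete_table is also ignored inside the loop, so a table that could not be removed goes unreported to the caller.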