On 17 December 2014 at 21:57, Jörg Thalheim <joerg@xxxxxxxxxxxxx> wrote:
>>> +nftables_restart() {
>>> + nftables_stop
>>> + nftables_start "$1"
>>
>> Here, I think the time between the stop and start, there is not
>> ruleset in the kernel.
>> I guess we can do it better, flushing the old ruleset and loading the
>> new one in a single,atomic step.
>
> Is this possible with nft? If so, how?
>
add a heading 'flush ruleset' to the file to be loaded.
Also, to load multiple files you can use "include" statements, and
still be atomic B-)
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
