17 December 2014, 22:11, "Arturo Borrero Gonzalez" <arturo.borrero.glez@xxxxxxxxx> wrote:
> On 17 December 2014 at 21:57, Jörg Thalheim <joerg@xxxxxxxxxxxxx> wrote:
>
>>>> +nftables_restart() {
>>>> + nftables_stop
>>>> + nftables_start "$1"
>>>
>>> Here, I think the time between the stop and start, there is no
>>> ruleset in the kernel.
>>> I guess we can do it better, flushing the old ruleset and loading the
>>> new one in a single, atomic step.
>>
>> Is this possible with nft? If so, how?
>
> add a heading 'flush ruleset' to the file to be loaded.
>
> Also, to load multiple files you can use "include" statements, and
> still be atomic B-)

Is the "include" statement a new feature? Never saw this feature in the wild.
Does it work for directories too? Something like `include "/etc/nftables.d/*"` or `includedir "/etc/nftables/"` would be awesome.

>
> --
> Arturo Borrero González
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
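
Review bot: in nftables_restart the result of nftables_start "$1" is never tied back to the nftables_stop that ran before it, so a start that fails (for instance on a file that does not parse) ends the restart with the old ruleset already removed and nothing loaded in its place. Loading the new file in one step that also flushes the old rules, as suggested in the reply, avoids that; if the two-step form stays, the function should at least return the status of nftables_start so the init system can report the failure.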
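
The single-step reload described in the thread, as an added example that is not part of the original messages or the patch: a master file that starts with `flush ruleset` and pulls in each rules file with `include`, loaded by one `nft -f` call. The function names, the `.nft` suffix and the `/etc/nftables.d` default are assumptions; the directory is expanded by the shell, so only the plain `include "file"` form is relied on.

```shell
#!/bin/sh
# Added example (not from the patch): reload nftables in one transaction.
# Assumed layout: rule fragments live as *.nft files in one directory.

# Print a master ruleset: 'flush ruleset' first, then one include per fragment.
# Fails without a usable result if the directory would yield an empty ruleset.
build_master_ruleset() {
    dir=$1
    case $dir in
        /*) ;;                                   # absolute path required so that
        *)  echo "need an absolute path: $dir" >&2; return 1 ;;  # nft's include search path is not involved
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    printf 'flush ruleset\n'
    found=0
    for f in "$dir"/*.nft; do
        [ -f "$f" ] || continue                  # glob matched nothing, or not a regular file
        case $f in
            *'"'*) echo "refusing path containing a double quote: $f" >&2; return 1 ;;
        esac
        printf 'include "%s"\n' "$f"
        found=$((found + 1))
    done
    # A master file holding only 'flush ruleset' would empty the firewall.
    [ "$found" -gt 0 ] || { echo "no *.nft files in $dir" >&2; return 1; }
}

# Replace the running ruleset with the fragments in $1 (hypothetical default path).
nftables_reload() {
    tmp=$(mktemp) || return 1
    if build_master_ruleset "${1:-/etc/nftables.d}" > "$tmp"; then
        nft -f "$tmp"        # flush + load are applied together, no unfiltered window
        rc=$?
    else
        rc=1                 # nothing was loaded; the running ruleset stays in place
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Because the master file is only handed to `nft -f` after it has been built successfully, an empty or missing directory leaves the running ruleset untouched instead of flushing it.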