Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> How can we actually relate the rule with the flow table if we have
> several anonymous flow tables?
nft list table filter
table ip filter {
chain input {
type filter hook input priority 0; policy accept;
flow table __ft0 { ip saddr counter packets 0 bytes 0}
flow table __ft1 { ip daddr counter packets 0 bytes 0}
}
... so the internal name will be shown.
[..]
> This also provides a way to restore blacklist/whitelist in case we want
> to save them into file and restore them later. The original idea is
> that flow tables contain volatile information, but I think someone may
> want to store the current state into file and restore it, eg. in case
> it needs to reboot the system.
Agree.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
