On Sun, Aug 21, 2016 at 11:22:08PM +0200, Carlos Falgueras García wrote:
> This patch introduces deletion in a similar fashion as in iptables, thus,
> we can delete the first rule that matches our description, for example:
>
> $ nft list -a ruleset
> table ip t {
>     chain c {
>         ip saddr 1.1.1.1 counter packets 0 bytes 0 # handle 1
>         ip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 2
>         ip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 3
>         ip saddr 1.1.1.4 counter packets 0 bytes 0 # handle 4
>     }
> }
> $ nft delete rule table chain ip saddr 1.1.1.2 counter
> $ nft list -a ruleset
> table ip t {
>     chain c {
>         ip saddr 1.1.1.1 counter packets 0 bytes 0 # handle 1
>         ip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 3
>         ip saddr 1.1.1.4 counter packets 0 bytes 0 # handle 4
>     }
> }
>
> The parser rule 'ruleid_spec' is now of the type 'struct rule' in order to
> hold a rule description. When rule is identified with its handle a dummy
> 'struct rule' is allocated to hold the specified handle.

Applied, thanks Carlos.