Re: [nft PATCH] Enable automerge feature for anonymous sets

On Wed, 7 Feb 2018, Pablo Neira Ayuso wrote:

> On Tue, Feb 06, 2018 at 07:18:47PM +0100, Phil Sutter wrote:
> > Automatic merging of adjacent/overlapping ranges upon insertion has
> > clear benefits performance- and readability-wise. The drawbacks which
> > led to disabling it by default don't apply to anonymous sets since they
> > are read-only anyway, so enable this feature for them again.
> 
> Question is, why someone would be adding elements with overlapping 
> ranges in an anonymous set? Then, when listing the ruleset you will get 
> something different to what you've added. This would also be 
> inconsistent with regards to the existing behaviour in named sets, where 
> this is turned off by default.
> 
> For named sets, that are useful to maintain white/blacklists, I 
> understand this simplifies complexity for people dealing with them. But 
> not sure for anonymous sets.
> 
> @Jeff: Is this also useful to you in the anonymous set use-case? IIRC we 
> agreed that this was good for named sets, but not for anonymous sets.

In my opinion the consistent behaviour is the most desired one. Such 
subtleties that by default there's no automerge in named sets but it's on 
for anonymous sets are easily overlooked by users. Better have a flag, 
option to turn it on explicitly for a given anonymous set.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary