Phil Sutter <phil@xxxxxx> wrote:
> On Sat, Aug 04, 2018 at 04:31:58PM +0200, Florian Westphal wrote:
> > Phil Sutter <phil@xxxxxx> wrote:
> > > Legacy ebtables-restore does not support COMMIT directive, so allow for
> > > callers of xtables_restore_parse() to toggle support for it.
> > >
> > > If it is not supported, allow for next table definition without previous
> > > COMMIT and implicitly commit the ruleset after parsing input instead of
> > > complaining about missing final COMMIT statement.
> >
> > Hmm. Omitting COMMIT with iptables classic gives ability to do
> > dryrun/syntax checking.
>
> Are you sure about that? Looking at iptables-restore.c, it seems COMMIT
> before each next table line is mandatory, otherwise following lines are
> attributed to the first table (which might cause unexpected results).
> For test runs, legacy iptables-restore has '-t' flag.

no COMMIT -> no action taken, it will just print a warning that no
commit was given. It will still complain if a line could not be parsed.

> Sounds good. The only complaint would be that legacy ebtables/arptables
> dumps won't be accepted by nft variants anymore. Not sure if that's a
> good thing (prevents users from restoring old crap) or a bad thing
> (users may hand-craft dumps and have to adjust their scripts).

Oh well. Given ebt format sucks anyway I don't think yet another
divergence is all that important, so no COMMIT, then.