Hi Alban, On Sun, Mar 03, 2019 at 02:31:30PM +0100, Alban Vidal wrote: > From: Alban VIDAL <alban.vidal@xxxxxxxxxx> > > Add a new '-Z' (or '--zero') option to iptables-save to show zeroed > counters for chains when saving rulesets. > > This option is particularly useful when using a version control system > (like git) to track the saved iptables rules, to minimize the delta > between different ruleset versions. > > The option is also added to xtables-save to keep compatibility on the > command line, however the functionality is not implemented yet. This patch does not apply, it seems your mail client has mangled the attachment. I wonder if this -Z semantics for iptables-save might be confusing. Telling this because iptables -L -z makes an atomic list and reset, so first time shows the existing counter values, so next time you call iptables -L shows zeroed counters. Probably you can use -z (lowercase) --print-zero-counters, so we reserve -Z in case we ever need something similar in the future for iptables-save that matches the exact behaviour of iptables -L -Z. Thanks.
