On Fri, Oct 02, 2020 at 01:44:36PM +0200, Arturo Borrero Gonzalez wrote:
> From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
>
> Previous to this patch, the basechain policy could not be properly configured if it wasn't
> explicitly set when loading the ruleset, leading to iptables-nft-restore (and ip6tables-nft-restore)
> trying to send an invalid ruleset to the kernel.

I have applied this with some amendments to the test file to cover the --noflush case. I think this is a real problem there, where you can combine to apply incremental updates to the ruleset.

For the --flush case, I still have doubts how to use this feature, not sure it is worth the effort to actually fix it. We can revisit later, you can rewrite this later, Phil.