Hi Pablo, On Tue, Oct 25, 2022 at 01:52:33PM +0200, Pablo Neira Ayuso wrote: > On Fri, Oct 14, 2022 at 11:45:57PM +0200, Phil Sutter wrote: > > In order to "zero" a rule (in the 'iptables -Z' sense), users had to > > dump (parts of) the ruleset in stateless form and restore it again after > > removing the dumped parts. > > > > Introduce a simpler method to reset any stateful elements of a rule or > > all rules of a chain/table/family. Affects both counter and quota > > expressions. > > Patchset LGTM. > > For the record, we agreed on the workshop to extend this to: > > - add support for this command to table, chain and set objects too. > - validate that nft syntax is consistent from userspace with other > existing commands (for example, list). Looking into this, I wonder if it might cause confusion with regards to stateful objects: My original patch implements: - reset rule [<fam>] <table> <chain> handle <num> - reset rules [<fam>] - reset rules table [<fam>] <table> - reset rules chain [<fam>] <table> <chain> This is relatively consistent with list command, which (e.g.) has: - list set [<fam>] <table> <set> - list sets [<fam>] - list sets table [<fam>] <table> IIRC, your request at NFWS was to introduce something like: - reset table (for 'reset rules table') - reset chain (for 'reset rules chain') But the first one may seem like resetting *all* state of a table, including named quotas, counters, etc. while in fact it only resets state in rules. Cheers, Phil
