On Wed, 2023-12-13 at 17:45 +0100, Florian Westphal wrote:
> Thomas Haller <thaller@xxxxxxxxxx> wrote:
> > Isn't the problem to solve that `nft flush ruleset` deletes tables
> > owned by somebody else (firewalld)?
>
> If they are 'owned', then no, they are not flushed, that's one of the
> points of the owner thing.

With "tables owned by somebody else", I meant to be logically owned by
firewalld (while not having NFT_TABLE_F_OWNER flag). Sorry for being
unclear.

>
> > A "persist" flag sounds like a good solution. It would just have
> > informational value (for user space) to be skipped by `nft flush
> > ruleset`.
>
> 'flush' doesn't pass the to-be deleted tables to the kernel, so
> this cannot be implemented via informational tags in userspace.
>

I see. Thanks.

Thomas