Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Wed, 2023-12-13 at 17:45 +0100, Florian Westphal wrote:
> Thomas Haller <thaller@xxxxxxxxxx> wrote:
> > Isn't the problem to solve that `nft flush ruleset` deletes tables
> > owned by somebody else (firewalld)?
> If they are 'owned', then no, they are not flushed, thats one of the
> points of the owner thing.

With "tables owned by somebody else", I meant to be logically owned by
firewalld (while not having NFT_TABLE_F_OWNER flag). Sorry for being

> > A "persist" flag sounds like a good solution. It would just have
> > informational value (for user space) to be skipped by `nft flush
> > ruleset`.
> 'flush' doesn't pass the to-be deleted tables to the kernel, so
> this cannot be implemented via informational tags in userspace.

I see. Thanks.


[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux