On 23/03/2015 12:45, Pablo Neira Ayuso wrote:
> Please, manually apply this:
>
> http://patchwork.ozlabs.org/patch/453392/
>
> And provide feedback. Thank you.

Done. It's working beautifully. Thank you.

Now that I can play with nft, I have a feature request:

I'm saving my rule set in a file, called whenever the rule set must be applied/reapplied via nft -f. (It's to be applied whenever my DHCP client obtains a new lease.) I would like the rule set file to be the same for the first time and the subsequent times the rules are applied. It's only logical.

I have to "flush table nat" and "flush table filter" at the beginning of the file, so nft does not duplicate rules on the second and later invocations. Problem is, the first invocation fails on those "flush" lines, because the tables are not defined yet!

Is there a way for me to tell nft -f to ignore failures on "flush"? I'm ok with an option to nft if you so choose. I'm also ok with a warning in my logs, provided nft keeps reading the ruleset, does the job, and exits 0.

Thanks,

--
Laurent
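
One way to write a rule set file that loads the same way on the first and on later runs, as an added example that is not part of the original message. It assumes an nft version in which `add table` succeeds when the table already exists, and the `ip` family; the interface name and the rules themselves are constructed for illustration.

```nft
# Declare the tables first. On the first load this creates them; on later
# loads (assumption: "add table" on an existing table is a no-op) nothing
# changes, so the flush commands below never hit a missing table.
add table ip nat
add table ip filter

# Empty both tables so that reloading the file does not duplicate rules.
flush table ip nat
flush table ip filter

# Constructed sample rules; "eth0" is a placeholder for the DHCP-facing interface.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "eth0" masquerade
    }
}

table ip filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
    }
}
```

Because `nft -f` applies the file as one transaction, the running rule set is replaced only if every line in the file is accepted.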