On 21 August 2017 at 19:54, Jeff Kletsky <netfilter@xxxxxxxxxxxx> wrote:
> Thanks, good to know I wasn't missing anything.
>
> The cron job certainly works in a development environment. There is also the
> approach to use a script that captures the current state, loads the new
> rules, then waits for keyboard input for a length of time. If there isn't a
> "yes, keep these" response, it reverts to the previous state.
>

This has already been discussed at Netfilter Workshop 2017 in Faro, Portugal.
So, we are likely getting this feature at some point.

A 'dry' mode has been recently added and will be part of the next nftables release.

Reference:
http://git.netfilter.org/nftables/commit/?id=b4953803f26c442cdec4cad78a8261e9b97cd015
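The confirm-or-revert script described in the quoted message, as an added example that is not part of the original thread or of nftables itself. It validates the new file with `nft -c` (`--check`) before loading it; the function names, the `NFT` and `CONFIRM_TIMEOUT` variables and the return codes are assumptions of this sketch, and `read -t` requires bash.

```bash
#!/usr/bin/env bash
# Added example: load an nftables ruleset, revert unless confirmed in time.
# NFT and CONFIRM_TIMEOUT are assumptions of this sketch (overridable).
NFT="${NFT:-nft}"
CONFIRM_TIMEOUT="${CONFIRM_TIMEOUT:-30}"

# Succeeds only if "yes" arrives on stdin before the timeout (bash read -t).
confirm_keep() {
    printf 'Keep the new rules? Type "yes" within %ss: ' "$CONFIRM_TIMEOUT" >&2
    read -r -t "$CONFIRM_TIMEOUT" answer || return 1   # timeout or EOF
    [ "$answer" = yes ]
}

# Usage: apply_with_rollback NEW_RULES_FILE [CONFIRM_COMMAND]
# Returns 0 kept, 2 rejected by dry run, 3 reverted, 1 on other failure.
apply_with_rollback() {
    new_rules=$1
    confirm=${2:-confirm_keep}
    backup=$(mktemp) || return 1

    # Dry run: -c/--check parses and validates without applying anything.
    if ! $NFT -c -f "$new_rules"; then
        echo "new ruleset failed validation; nothing changed" >&2
        rm -f "$backup"
        return 2
    fi

    # Capture the current state. The leading flush makes the restore a full
    # replacement rather than a merge with whatever is loaded at that point.
    { echo 'flush ruleset'; $NFT list ruleset; } > "$backup" || return 1

    # A dropped session must also revert, not leave the new rules in place.
    trap '$NFT -f "$backup"; exit 130' HUP INT TERM
    if $NFT -f "$new_rules" && $confirm; then
        trap - HUP INT TERM
        rm -f "$backup"
        return 0
    fi
    trap - HUP INT TERM
    echo "not confirmed; restoring previous ruleset" >&2
    if $NFT -f "$backup"; then
        rm -f "$backup"
        return 3
    fi
    echo "restore failed; saved ruleset kept at $backup" >&2
    return 1
}
if [ "$#" -gt 0 ]; then apply_with_rollback "$@"; fi
```

The new rules file decides for itself whether it starts with `flush ruleset`; only the saved copy is forced to be a full replacement.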