Hi,
I'm belatedly moving from iptables and ipset to nftables. I've become
accustomed to using 'ipset swap' to atomically update large ipsets (by
loading the update into a temp ipset, then swapping the temp ipset with
the old one, then finally deleting the temp ipset). From reading the
fine nftables wiki I gather that all nft operations* included in a
single file run with 'nft -f <file>' are first built up in parallel
memory structures and then applied atomically. Is this statement correct?
* I'm particularly interested in 'add element' operations.
Thanks,
Frank
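
Added example, not part of the message above and not code from the nftables project: the nft counterpart of the "load a temp set, swap, delete" routine, as shell functions that write one batch file holding `flush set` followed by `add element`, so that `nft -f` commits both in a single transaction and no packet is matched against an empty or half-loaded set. The table `inet filter`, the set `blocklist`, the function names and the sample addresses are assumptions; the set must already exist.

```shell
#!/bin/sh
# Added example. Assumed names: table "inet filter", set "blocklist".

# Read one address per line on stdin and print an nft batch:
# flush the set, then re-add every element in chunks of $4 (default 1000).
# Chunking only keeps lines short; all commands in the file are still
# committed together by a single "nft -f".
build_set_update() {
    family=$1 table=$2 setname=$3 chunk=${4:-1000}
    printf 'flush set %s %s %s\n' "$family" "$table" "$setname"
    # Strip comments, whitespace and blank lines, then de-duplicate.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    awk -v f="$family" -v t="$table" -v s="$setname" -v n="$chunk" '
        (NR - 1) % n == 0 {
            if (NR > 1) print " }"
            printf "add element %s %s %s { %s", f, t, s, $0
            next
        }
        { printf ", %s", $0 }
        END { if (NR > 0) print " }" }'
}

# Dry-run the batch with -c (check only), then apply it as one transaction.
# If any command in the file fails, the live set is left unchanged.
apply_set_update() {
    nft -c -f "$1" && nft -f "$1"
}

# Constructed sample input (documentation address ranges, one duplicate).
sample_addresses() {
    cat <<'EOF'
# constructed sample list
192.0.2.10
198.51.100.25
192.0.2.10
203.0.113.7
EOF
}

# Typical use (needs root and an existing set, so it is not run here):
#   sample_addresses | build_set_update inet filter blocklist > /tmp/blocklist.nft
#   apply_set_update /tmp/blocklist.nft
```
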