Hi Frank,

On Tue, Jan 28, 2020 at 06:03:02PM -0500, Frank Myhr wrote:
> Hi,
>
> I'm belatedly moving from iptables and ipset to nftables. I've become
> accustomed to using 'ipset swap' to atomically update large ipsets (by
> loading the update into a temp ipset, then swapping the temp ipset with the
> old one, then finally deleting the temp ipset). From reading the fine
> nftables wiki I gather that all nft operations* included in a single file
> run with 'nft -f <file>' are first built up in parallel memory structures
> and then applied atomically. Is this statement correct?
>
> * I'm particularly interested in 'add element' operations.
>
> Thanks,
> Frank

Yes, any nft script or command is atomic.

Cheers ... Duncan.
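An added illustration, not part of either message: the 'ipset swap' workflow from the question expressed as a single nft batch file, where a `flush set` and an `add element` are loaded together with 'nft -f <file>' so the set is replaced in one transaction. The family, table and set names (`inet filter blocklist`), the list path and the helper name `build_set_update` are assumptions made for the example.

```shell
#!/bin/sh
# Added example. "inet filter blocklist" in the usage lines is an assumed
# family/table/set; the set must already exist in the ruleset.

# build_set_update FAMILY TABLE SET   (elements on stdin, one per line)
# Prints an nft script that empties the set and re-adds every element.
# Prints nothing and returns 1 if any line is not address-like.
build_set_update() {
    family=$1; table=$2; set_name=$3
    elems=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # strip trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # strip whitespace
        if [ -z "$line" ]; then continue; fi
        # Allow only characters found in IPv4/IPv6 addresses and prefixes,
        # so list content can never inject extra nft statements.
        case $line in
            *[!0-9A-Fa-f.:/]*) echo "rejected: $line" >&2; return 1 ;;
        esac
        elems="${elems:+$elems, }$line"
    done
    printf 'flush set %s %s %s\n' "$family" "$table" "$set_name"
    if [ -n "$elems" ]; then
        printf 'add element %s %s %s { %s }\n' \
            "$family" "$table" "$set_name" "$elems"
    fi
}

# Usage (needs root and nftables; the list path is a placeholder):
#   build_set_update inet filter blocklist < /path/to/list.txt > update.nft
#   nft -c -f update.nft && nft -f update.nft   # -c checks without applying
```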