On 28.06.21 at 13:47, Alessandro Vesely wrote:
On Mon 28/Jun/2021 12:17:11 +0200 Reindl Harald wrote:
On 28.06.21 at 11:23, Alessandro Vesely wrote:
A complex script doesn't have to be error prone.
it is by definition more error prone than a simple restore, which has
exactly that job, and it makes no sense to argue about such simple facts
As Kerin showed, restore is not intrinsically simpler, as it has to deal
with the same amount of data. It is only laid down in a different
format.
for the sake of god you are not supposed to deal with that format as
human at all - you only need to know where you write it and load it from
there
The shell format is more verbose, but has some advantages:
not at boot time
* it allows testing each single command separately
off-topic in the case of reloading the complete ruleset
* its format is time-honored and fully documented.
off-topic in the case of reloading the complete ruleset
do what you want but stop talking nonsense when it comes to best practice
One "best practice" that I'd object to is blindly restoring whatever was
saved on shutdown. How can one control that? Booting with some clean,
well-defined data looks safer
WTF: there is nothing magically or blindly saved and changed at
shutdown, it's the whole state as it was, the outcome from your script
do you guys not realize that your shell scripts are fine as mine are, but
at the end the iptables ruleset has a defined state which you want
restored 1:1 at boot
this whole discussion is embarrassing, and especially when the target
audience in this case is a noob user it's idiotic not to follow best practices
nobody gives a shit how you create the ruleset and nobody right in his
mind would touch the save-file by anything else but "iptables-save
--file path" as nobody right in his mind would load it by anything else
than "iptables-nft-restore path"
arguments like "i don't care if it's atomic in my special situation" and
"i don't care how long it takes in my special situation" are dumb in
context of the subject
please stop spreading bullshit - we have enough idiots out there blindly
following whatever they read wherever on the internet without the
slightest clue what they are doing
YOU can do what you want on YOUR machine but best practices are there to
avoid endless threads over and over again when someone has a problem and
nobody knows about his setup and your "i do everything like i want" is
off-topic
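The save-at-shutdown / restore-at-boot workflow argued for above, as an added example that is not part of the thread and not anyone's posted code: the ruleset is written with `iptables-save -f` (the `--file` option mentioned in the thread), checked before loading, and then loaded in one go with `iptables-restore`, which commits each table atomically instead of applying rules one by one. The path `/etc/iptables/rules.v4`, the helper names and the embedded sample ruleset are assumptions made for the example; `check_ruleset_file` only inspects the file's `*table` / `COMMIT` structure so it can run without an iptables binary, while `iptables-restore --test` does the real parse against the kernel's view.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Saves the live iptables
# state at shutdown and restores it 1:1 at boot via iptables-save/-restore.

# Assumed location of the saved ruleset (distribution-specific in practice).
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"

# Offline structure check for an iptables-save file: every "*table" block
# must be closed by exactly one "COMMIT", and at least one table must exist.
# Lines starting with '#' (iptables-save header/footer) are ignored by awk
# because they match neither pattern. Returns 0 when the file is well-formed.
check_ruleset_file() {
    awk '
        /^\*/      { if (open) bad = 1; open = 1; tables++ }
        /^COMMIT$/ { if (!open) bad = 1; open = 0 }
        END        { if (open || bad || tables == 0) exit 1 }
    ' "$1"
}

# Constructed sample in iptables-save format (not a real host's rules),
# used for the offline check below.
make_sample_ruleset() {
    cat > "$1" <<'EOF'
# Generated by the example script (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
EOF
}

# Shutdown: dump the complete current state (all tables) into RULES_FILE.
# Counters are omitted unless -c is given, so the file is stable across boots.
save_rules() {
    iptables-save -f "$RULES_FILE"
}

# Boot: refuse a structurally broken file, let iptables-restore parse and
# validate it without committing (--test), then load it. Each table in the
# file is committed as a unit: either the whole table loads or the kernel
# ruleset is left as it was, which a rule-by-rule shell script cannot promise.
restore_rules() {
    check_ruleset_file "$RULES_FILE" || {
        echo "$RULES_FILE: malformed iptables-save file, not loading" >&2
        return 1
    }
    iptables-restore --test < "$RULES_FILE" || {
        echo "$RULES_FILE: iptables-restore --test rejected the ruleset" >&2
        return 1
    }
    iptables-restore < "$RULES_FILE"
}

# Entry point for use from a shutdown/boot hook: ./script save | restore
case "${1:-}" in
    save)    save_rules ;;
    restore) restore_rules ;;
esac
```

`iptables-restore --test` catches problems the structural check cannot (unknown match modules, bad addresses), but it still needs the iptables binary and the matching kernel support, so the script keeps the cheap file check in front of it; with the nft backend the same commands are available as `iptables-nft-save` / `iptables-nft-restore`.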