Hello all,

Both the ability to flush the ruleset and replace it with a new one atomically, without leaving an unprotected window, and the existence of named sets and maps, which can be updated dynamically when e.g. interfaces or routes are added and removed, are awesome features of nftables. The problem, though, is how to make these two features play nice with one another.

One use case that I have in mind is to replace the collection of rules in chains with a new, improved version, while keeping (or dumping and later restoring) the contents of named maps and sets. Saving the data from maps and sets with a separate command before the reload of the ruleset, and repopulating them after it, leaves a window during which dynamic updates may be lost, and a window during which the set operates with unpopulated maps/sets.

What would be the recommended way to solve this problem?

Thanks,
Eugene
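One way to approach the question above, as an added example that is not part of the original post: generate the replacement as an nft script that flushes only the individual chains rather than the whole ruleset, and feed it to `nft -f`, which commits the entire file as one transaction. The table, chain and set names (`inet filter`, `input`, `forward`, `blocklist`) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Table "inet filter", the chains and
# the set "blocklist" are assumed names. Everything in the generated script is
# applied by nft -f as a single transaction: either all of it lands or none of it.

gen_ruleset() {
  cat <<'EOF'
# "add" is idempotent: the object is created on the first run and left alone after.
add table inet filter
add set inet filter blocklist { type ipv4_addr; flags dynamic, timeout; timeout 10m; }
add chain inet filter input { type filter hook input priority 0; policy drop; }
add chain inet filter forward { type filter hook forward priority 0; policy drop; }
# flush chain removes only the rules; unlike flush ruleset it keeps the set and
# every element that was added to it dynamically since the last reload.
flush chain inet filter input
flush chain inet filter forward
add rule inet filter input iifname lo accept
add rule inet filter input ct state established,related accept
add rule inet filter input ip saddr @blocklist drop
add rule inet filter input tcp dport 22 ct state new limit rate 4/minute accept
add rule inet filter forward ip saddr @blocklist drop
EOF
}

# Guard against the one statement that would wipe the sets: returns 0 if safe.
keeps_sets() {
  if gen_ruleset | grep -q '^flush ruleset'; then return 1; fi
  return 0
}

# Number of chains whose rules get replaced.
flushed_chains() { gen_ruleset | grep -c '^flush chain'; }

case "${1:-}" in
  --check) keeps_sets && gen_ruleset | nft -c -f - ;;   # parse only, nothing applied
  --apply) keeps_sets && gen_ruleset | nft -f - ;;      # one atomic commit
  *)       gen_ruleset ;;                                # print the generated script
esac
```

Run with `--check` first to have nft parse the script without touching the kernel, then `--apply`; because the set is never flushed, elements added to `blocklist` between reloads survive the rule replacement.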