On 11/02/2022 09:41, Eugene Crosser wrote: > More like, potentially multiple chains changed / added / removed, but the new > chains continue to reference the same maps and sets (precisely because I want to > preserve dynamically accumulated state). To make the use case more clear: _because_ I can use named sets and maps, I can get away with constant and small collection of rules, and keep all dynamic configuration in named maps and sets. As opposed to iptables where rules themselves have to be dynamically added and removed, making maintenance rather more difficult. Eugene
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
