Re: ipset vs. nftables set

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > But one can have multiple hooks (chains) in one table, even with the
> > same priority (I do not suggest that). Thus one can combine multiple
> > tables into one and share sets, e.g. in raw & filter hooks.
> 
> Don't do that, please.

Why not? A single-table approach makes sense, in my opinion,
provided that single table is controlled by a single entity, be
that a program like firewalld or a traditional sysadmin.

With multiple tables, things become awkward due to the imposed
scoping rules that prevent cross-table use of sets/maps.
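The single-table layout discussed in this thread, as an added example that is not part of the original messages (the table, set and chain names, and the sample addresses, are assumed): one `inet` table holds a blocklist set that is referenced from both a raw-priority prerouting chain and a filter-priority input chain, which is exactly the sharing that the per-table scoping rule forbids across two separate tables.

```nft
# Added example: one table, two hook chains, one shared set.
# Load with: nft -f thisfile.nft   (check only: nft -c -f thisfile.nft)
table inet firewall {
    # The set lives in the table; only chains in this table can use it.
    set blocklist {
        type ipv4_addr
        flags interval
        # Constructed sample entries (documentation ranges).
        elements = { 198.51.100.0/24, 203.0.113.7 }
    }

    # Early drop at raw priority, before conntrack sees the packet.
    chain early_drop {
        type filter hook prerouting priority raw; policy accept;
        ip saddr @blocklist counter drop
    }

    # Normal input filtering at filter priority, same set, no duplication.
    chain input {
        type filter hook input priority filter; policy accept;
        ip saddr @blocklist counter drop
    }
}

# Counter-example (do not load): a rule in a different table that names
# @blocklist is rejected, because sets are scoped to their own table.
# table inet other {
#     chain input {
#         type filter hook input priority filter; policy accept;
#         ip saddr @blocklist drop    # error: set not visible here
#     }
# }
```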
