Re: ipset vs. nftables set

On Tue, Nov 12, 2024 at 07:18:55PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > But one can have multiple hooks (chains) in one table, even with the
> > > same priority (I do not suggest that). Thus one can combine multiple
> > > tables into one and share sets, e.g. in raw & filter hooks.
> > 
> > Don't do that, please.
> 
> Why not?  Single-table approach makes sense, in my opinion,
> provided that single table is controlled by single entity, be
> that a program like firewalld or traditional sysadmin.
>
> With multi-table things become awkward due to the imposed
> scoping rules that prevent cross-table use of sets/maps.

Sorry, I misread this email.

Single table is indeed the way to go.
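An added example, not from this thread, of the single-table layout discussed above: one `inet` table whose raw-priority and filter-priority chains both reference the same set, which a second table could not do because sets are scoped to their table. The table, chain and set names and the sample address are assumptions made for the example.

```nft
# Single table holding both the raw- and filter-priority hooks, so one set
# serves both. A set defined here cannot be referenced from any other table.
table inet fw {
    # One source of truth for the blocklist; both chains below use it.
    set blocklist {
        type ipv4_addr
        flags timeout
        timeout 1h
        elements = { 198.51.100.7 }   # constructed sample entry (TEST-NET-2)
    }

    # Raw-priority hook (-300): drop listed sources before conntrack
    # allocates any state for them.
    chain early_drop {
        type filter hook prerouting priority raw; policy accept;
        ip saddr @blocklist counter drop
    }

    # Filter-priority hook (0): the same set, no copy to keep in sync.
    chain input {
        type filter hook input priority filter; policy drop;
        iif lo accept
        ct state established,related accept
        ip saddr @blocklist counter drop
        tcp dport 22 ct state new accept
    }
}
```

Check the ruleset without loading it with `nft -c -f fw.nft`; a detection tool can then add entries at runtime with `nft add element inet fw blocklist { 203.0.113.9 timeout 10m }` and both chains see them immediately.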