From: Patrick McHardy
Subject: Re: [Patch] ip{, 6}tables-restore -n with existing user defined chain
Date: Sat, 11 Jun 2005 18:12:49 +0200
Message-ID: <42AB0D81.2080804@trash.net>
To: Charlie Brady
Cc: Harald Welte, netfilter-devel@lists.netfilter.org

Charlie Brady wrote:
>
> I want to redefine an existing chain atomically. I can't do that with
> the iptables command, but can almost do it with iptables-restore -n.
> When I try, iptables barfs because the chain already exists. Duh! Yeah,
> I know it exists, but I want to redefine it.
>
> I don't see the semantics of this case defined anywhere, and I can't
> find discussion of it in the archives. So I suggest that the semantics
> be redefined, so that iptables-restore -n can redefine an existing chain
> (iptables-restore without -n already does that). I really can't think
> why anyone would depend on the current semantics.

I have no objections, but since I'm not too familiar with that code
I would like to hear Harald's opinion before applying it.

Regards
Patrick