From: Laurent Bercot <ska-devel@skarnet.org>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter@vger.kernel.org
Subject: nftables feature request: don't fail "flush" on nonexistent tables (was: nftables: nft fails to add rules to chains)
Date: Mon, 23 Mar 2015 14:32:34 +0100
Message-ID: <551015F2.7060801@skarnet.org>
In-Reply-To: <20150323114515.GA5552@salvia>

On 23/03/2015 12:45, Pablo Neira Ayuso wrote:
> Please, manually apply this:
>
> http://patchwork.ozlabs.org/patch/453392/
>
> And provide feedback. Thank you.

Done. It's working beautifully. Thank you.

Now that I can play with nft, I have a feature request:

I'm saving my rule set in a file, called whenever the rule
set must be applied/reapplied via nft -f. (It's to be applied
whenever my DHCP client obtains a new lease.)

I would like the rule set file to be the same for the first
time and the subsequent times the rules are applied. It's only
logical.

I have to "flush table nat" and "flush table filter" at the
beginning of the file, so nft does not duplicate rules on the
second and later invocations.

Problem is, the first invocation fails on those "flush" lines,
because the tables are not defined yet!

Is there a way for me to tell nft -f to ignore failures on "flush"?
I'm ok with an option to nft if you so choose. I'm also ok with a
warning in my logs, provided nft keeps reading the ruleset, does the
job, and exits 0.

Thanks,
--
Laurent
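
Added example, not part of the message above and not code from the nftables project: one ruleset layout that loads identically on the first and on later `nft -f` runs, assuming current nft behaviour where `add table` succeeds when the table already exists. The interface name and the rules inside the chains are constructed placeholders.

```nft
# Constructed ruleset for illustration; apply with: nft -f <this file>

# Assumption: "add table" is a no-op when the table already exists,
# so declaring the tables first guarantees that the flush targets
# are present even on the very first invocation.
add table ip nat
add table ip filter

# Empties every chain in each table, removing rules left behind by a
# previous invocation so the definitions below are not duplicated.
flush table ip nat
flush table ip filter

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "eth0" masquerade    # placeholder WAN interface
    }
}

table ip filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
    }
}
```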