From: David Fabian <david.fabian@cldn.cz>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: question about UNDEFINE/REDEFINE
Date: Tue, 23 Jan 2018 13:40:03 +0100 [thread overview]
Message-ID: <1993002.08LkLsM8EI@voxel> (raw)
In-Reply-To: <20180123110728.i7hujeyz6224atd2@salvia>
Hello Pablo,
Dne úterý 23. ledna 2018 12:07:28 CET, Pablo Neira Ayuso napsal(a):
> I'm asking here because I would need to understand better how you've
> structured your scripts, if you could explain a bit more, we would
> appreciate.
I have packed an excerpt of a playground FW with two VLANs 3 and 54. The
configuration already uses my redefine keyword.
ftp://ftp.bosson.eu/pub/tmp/nftables_excerpt.tar.gz
The intended use case is to call nft -f fw-on and reload the firewall from
scratch every time there is a config change. I don't know how a cmdline
parameter would help us with it. Maybe if we would wrap nft calls with bash
scripts but that would defeat the purpose of using the nft scripting
capabilities in the first place.
The most important for us is to have the FW logically structured for every
customer and every FW rule related to a customer should be in his/her VLAN
config file.
--
Best regards,
David Fabian
Cluster Design, s.r.o.
next prev parent reply other threads:[~2018-01-23 12:40 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-22 13:53 question about UNDEFINE/REDEFINE David Fabian
2018-01-23 11:07 ` Pablo Neira Ayuso
2018-01-23 12:40 ` David Fabian [this message]
2018-01-26 13:45 ` Pablo Neira Ayuso
2018-01-26 13:48 ` Pablo Neira Ayuso
2018-01-30 11:05 ` David Fabian
2018-02-13 11:52 ` David Fabian
2018-01-26 18:43 ` Arturo Borrero Gonzalez
2018-01-30 11:22 ` David Fabian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1993002.08LkLsM8EI@voxel \
--to=david.fabian@cldn.cz \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).