[Bug 1696] "nft -s list ruleset" should include "flush ruleset" as first line

bugzilla-daemon at netfilter.org
Mon Jul 31 13:39:39 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1696

--- Comment #2 from Apachez <apachez at gmail.com> ---
Because when taking a backup I would expect it to be able to restore without
having to reboot the full box, and also be able to restore without throwing out
all sorts of hard-to-troubleshoot errors such as:

# BUG: invalid input descriptor type 1634164560
# nft: erec.c:161: erec_print: Assertion `0' failed.

Another option would be to implement a "save" and "restore" option such as:

# nft save ruleset /path/backup.nft

and

# nft restore ruleset /path/backup.nft

The "save ruleset" would add "flush ruleset" as first line to the output file
(and whatever other commands might be needed).

While "restore ruleset" would use "flush ruleset" as the first line if that
doesn't exist in the input file.

This way doing something like this would work without getting odd errors:

# nft save ruleset /path/backup.nft
# nft -o -f /path/backup.nft

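The save/restore behaviour proposed in the comment above can be approximated with a shell wrapper around the existing nft options. This is an added example, not part of the original bug comment or of nftables; ensure_flush, save_ruleset and restore_ruleset are hypothetical helper names.

```shell
#!/bin/sh
# Added example. ensure_flush, save_ruleset and restore_ruleset are
# hypothetical helpers, not nft subcommands.

# Read a ruleset dump on stdin and write it to stdout with "flush ruleset"
# as the first statement, adding it only when it is missing. Leading
# comments and blank lines (a shebang, for instance) stay in place.
ensure_flush() {
    awk '
        !seen && /^[ \t]*(#.*)?$/ { buf = buf $0 "\n"; next }
        !seen {
            seen = 1
            printf "%s", buf
            if ($0 !~ /^[ \t]*flush[ \t]+ruleset[ \t]*;?[ \t]*$/)
                print "flush ruleset"
        }
        { print }
        END { if (!seen) { printf "%s", buf; print "flush ruleset" } }
    '
}

# save_ruleset FILE: dump the stateless ruleset, prefixed with the flush.
# The dump is written to a temporary file first, so a failed nft call
# never truncates an existing backup.
save_ruleset() {
    dump=$(nft -s list ruleset) || return 1
    tmp="$1.tmp.$$"
    ( umask 077; printf '%s\n' "$dump" | ensure_flush > "$tmp" ) &&
        mv "$tmp" "$1"
}

# restore_ruleset FILE: validate in check mode (-c), then load. The flush
# and the rules reach nft as one -f input, so they are applied together.
restore_ruleset() {
    ensure_flush < "$1" | nft -c -f - || return 1
    ensure_flush < "$1" | nft -f -
}

# Usage (as root):
#   save_ruleset /path/backup.nft
#   restore_ruleset /path/backup.nft
```

Running the check-mode pass before the real load means a backup that no longer parses is rejected while the running ruleset is still in place.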