<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_ASSIGNED "
title="ASSIGNED - disable implicit concatenating of elements of sets with flag interval"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1184#c5">Comment # 5</a>
on <a class="bz_bug_link
bz_status_ASSIGNED "
title="ASSIGNED - disable implicit concatenating of elements of sets with flag interval"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1184">bug 1184</a>
from <span class="vcard"><a class="email" href="mailto:pablo@netfilter.org" title="Pablo Neira Ayuso <pablo@netfilter.org>"> <span class="fn">Pablo Neira Ayuso</span></a>
</span></b>
<pre>Hi Karel,
(In reply to Karel Rericha from <a href="show_bug.cgi?id=1184#c4">comment #4</a>)
<span class="quote">> Hi Pablo,
>
> I would vote for variant #2.
>
> Disable automerge as default and add automerge flag. True it might break
> some very specific case when someone is expecting implicit automerge, but I
> would say it will be very rare. Much more often people will run into
> problems not expecting implicit automerge.</span >
Agreed.
If we go for this variant, we would need to disable automerge in implicit sets
by default too, eg.
# nft add rule x y ip saddr { 1.1.1.1, 1.1.1.2, 1.1.1.4-1.1.1.6 }
# nft list ruleset
...
ip saddr { 1.1.1.1-1.1.1.2, 1.1.1.4-1.1.1.6 }
So we don't automagically do this things. I would say it's better if we leave
this feature for someone that the user can explicitly request, though global
policy, or through some new nft option to request an explicit ruleset
optimization.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>