[Patch] ip{, 6}tables-restore -n with existing user defined chain
Charlie Brady
charlieb-netfilter-devel at budge.apana.org.au
Thu May 19 18:46:17 CEST 2005
On Thu, 19 May 2005, Carl-Daniel Hailfinger wrote:
> Jonas Berlin wrote:
>> Quoting Charlie Brady on 2005-05-18 16:07 UTC:
>>
>>>> I want to redefine an existing chain atomically. I can't do that with
>>>> the iptables command, but can almost do it with iptables-restore -n.
>>>> When I try, iptables barfs because the chain already exists. Duh! Yeah,
>>>> I know it exists, but I want to redefine it.
>>
>> One option is to make a new version with a new name and then atomically
>> replace jumps to the old version to use the new version:
>
> What about atomic rename instead?
That should be a different topic of discussion. Does anyone have any
objection to the patch as posted? IOW, does anyone depend on the current
semantics that calling "iptables-restore -n" with a definition of a
user-defined chain which already exists should fail, rather than redefine
the chain as specified in the script?
---
Charlie