[Bug 1696] "nft -s list ruleset" should include "flush ruleset" as first line
bugzilla-daemon at netfilter.org
Mon Jul 31 13:09:35 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1696
Phil Sutter <phil at nwl.cc> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |phil at nwl.cc
--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
Well, first of all the requested behaviour is unrelated to what '-s' flag does,
so it doesn't make much sense to combine them.
Next, a ruleset dumped via 'nft list ruleset' will restore fine after a reboot,
so dumping into a file and loading it via 'nft -f <file>' works fine for a
service to make a ruleset persistent.
Then, creating a flushing dump is trivial using '(echo 'flush ruleset' && nft
list ruleset) > /path/to/dump'. Another alternative for a service is to run
'nft "flush ruleset; include /path/to/dump;"'. Fedora's nftables service does
that, for instance.
I really don't see why nft should assist in this simple task.
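An added example, not part of the bug report or the nftables project: a shell function that builds the flushing dump described in the comment above, but refuses to replace the existing dump when the listing came back empty, since such a file would flush the ruleset and restore nothing. The function name make_flushing_dump and the NFT_CHECK variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: write "flush ruleset" + a listed ruleset to a dump file.
# Usage (as root):  nft list ruleset | make_flushing_dump /path/to/dump
# Restore with:     nft -f /path/to/dump
# make_flushing_dump and NFT_CHECK are hypothetical names for this example.

make_flushing_dump() {
    out=$1
    dir=$(dirname -- "$out")
    # Temp file in the target directory, so the final mv is an atomic
    # rename; mktemp creates it with mode 0600.
    tmp=$(mktemp "$dir/.nft-dump.XXXXXX") || return 1
    {
        echo 'flush ruleset'
        cat                     # the listed ruleset arrives on stdin
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    # If "nft list ruleset" failed, stdin was empty and the file holds
    # only the flush line. Keep the previous dump in that case. (This
    # also refuses an intentionally empty ruleset; a design choice here.)
    if ! grep -q '^table ' "$tmp"; then
        rm -f "$tmp"
        echo "make_flushing_dump: no tables in input, keeping $out" >&2
        return 2
    fi
    # Optional dry-run parse: nft -c checks the file without applying it.
    if [ "${NFT_CHECK:-0}" = 1 ]; then
        nft -c -f "$tmp" || { rm -f "$tmp"; return 3; }
    fi
    mv -f -- "$tmp" "$out"
}
```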