On Wednesday 2012-05-23 23:25, Neal Murphy wrote:
>I knew I'd eventually remember why I subscribed to this list....
>
>While working on enhancing my firewall, it occurred to me that it'd be real
>nice to have a 'swap chain' feature in iptables that is equivalent to the
>'swap set' feature in ipset.
>Such a feature would minimize the amount of time that rules are unavailable
>when adding, changing or deleting them. At present, all the rules in the chain
>being modified are deleted, then the new rules are added. So there is a period
>of time, albeit brief, that rules are not available in that chain.
What, never heard of iptables-restore? Atomic replace has been in
iptables for a long, long time.
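
The atomic replace the reply refers to, sketched as an added example that is not part of the original thread: the new contents of one chain are written as an `iptables-restore` payload, parse-checked with `--test`, and committed in a single transaction with `--noflush` so the rest of the table is left alone. The chain name `fw-web`, the sample rules and the helper names `build_chain_payload` and `swap_chain` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Chain name "fw-web" and the rule specs are constructed samples;
# build_chain_payload and swap_chain are hypothetical helper names.

# Print an iptables-restore payload that redefines one user-defined chain.
# $1 = table, $2 = chain, stdin = rule specs (one per line, without "-A <chain>").
build_chain_payload() {
    case $1 in
        filter|nat|mangle|raw|security) ;;
        *) echo "unknown table: $1" >&2; return 1 ;;
    esac
    # Refuse names that could smuggle extra payload lines or options.
    case $2 in
        ''|-*|*[!A-Za-z0-9_-]*) echo "bad chain name: $2" >&2; return 1 ;;
    esac
    printf '*%s\n' "$1"
    # Under --noflush, declaring an existing user-defined chain flushes just
    # that chain, inside the same transaction as the -A lines that follow.
    printf ':%s - [0:0]\n' "$2"
    while IFS= read -r bcp_rule || [ -n "$bcp_rule" ]; do
        case $bcp_rule in ''|'#'*) continue ;; esac   # skip blanks and comments
        printf '%s\n' "-A $2 $bcp_rule"
    done
    printf 'COMMIT\n'
}

# Parse-check the payload with --test, then commit it in one step.
# Needs root; the old rules stay active until COMMIT succeeds.
swap_chain() {
    sc_payload=$(build_chain_payload "$1" "$2") || return 1
    printf '%s\n' "$sc_payload" | iptables-restore --noflush --test || return 1
    printf '%s\n' "$sc_payload" | iptables-restore --noflush
}

# Usage (as root):
#   printf '%s\n' '-p tcp --dport 443 -j ACCEPT' '-j DROP' | swap_chain filter fw-web
```

The commit is atomic per table, so rules that must change together belong in the same `*table` ... `COMMIT` section.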