bugzilla-daemon at netfilter.org
2013-Jun-24 18:32 UTC
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580

--- Comment #6 from Jan Engelhardt <jengelh at medozas.de> 2013-06-24 20:32:22 CEST ---
>Unclear how you can say with certainty that this is impossible

Right now, tables are output in permutations that are considered to be random. (Sure there is module load order, but that is not documented, nor is it actually a usable assumption for any script writer. The module load order resonates on save-restore cycles.) Because a sorted permutation lies within the set of possible permutations, scripts expecting the random order already support the sorted order.

Why should iptables do this? Because anything users have to construct above it is going to be more error-prone, because prominent system utilities (ls, top) also offer to do it, for the same reason and for user convenience.

Consider the opposite point: would you be thrilled if all the rules were in random order too? (Assuming of course they be prefixed with a rule number to disambiguate between them.)

--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
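To make the ordering problem in this comment concrete, here is an added example (not code from this thread or from iptables) of the kind of wrapper a user currently has to build to compare a saved dump with the deployed one. It assumes the usual `iptables-save` text format; `canonicalize` and `ruleset_diff` are hypothetical names, both dumps are constructed samples, and it goes slightly beyond the comment by also sorting chains within a table on the assumption that only rule order inside a chain is significant.

```python
import difflib
import re

COUNTERS = re.compile(r"^\[\d+:\d+\]\s*")  # per-rule counters from iptables-save -c
# Constructed sample dumps: same rules, tables in a different order, different counters.
SAVED = """# Generated by iptables-save on Mon Jun 24 20:00:00 2013
*nat
:POSTROUTING ACCEPT [3:180]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
DEPLOYED = """*filter
:INPUT DROP [42:2520]
[7:420] -A INPUT -i lo -j ACCEPT
[1:60] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
[2:120] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def canonicalize(dump):
    """Sort tables and chains, drop counters and comments, keep rule order per chain."""
    tables, cur = {}, None
    for line in map(str.strip, dump.splitlines()):
        if not line or line.startswith("#") or line == "COMMIT":
            continue                          # timestamps and COMMIT carry no rules
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {})
        elif cur is None:
            raise ValueError("line before any *table header: " + line)
        elif line.startswith(":"):            # ":CHAIN POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            cur.setdefault(name, []).insert(0, ":%s %s" % (name, policy))
        else:                                 # "[pkts:bytes] -A CHAIN ..."
            rule = COUNTERS.sub("", line)
            cur.setdefault(rule.split()[1], []).append(rule)
    return [l for t in sorted(tables) for l in
            ["*" + t] + [r for c in sorted(tables[t]) for r in tables[t][c]] + ["COMMIT"]]

def ruleset_diff(saved, deployed):
    a, b = canonicalize(saved), canonicalize(deployed)
    return list(difflib.unified_diff(a, b, "saved", "deployed", lineterm=""))  # [] = same
```

A plain `diff` of the two sample dumps reports every line as changed, while `ruleset_diff(SAVED, DEPLOYED)` is empty; swapping the two INPUT rules still produces a diff, since rule order inside a chain changes behaviour.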