bugzilla-daemon at netfilter.org
2015-Jan-28 09:23 UTC
[Bug 996] New: Add "replace" rule statement
https://bugzilla.netfilter.org/show_bug.cgi?id=996
Bug ID: 996
Summary: Add "replace" rule statement
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: luminarior at gmail.com
Add "replace" rule statement to easily replace a rule in the chain with the
current handle ID. The handle ID should be the same after replacement
(shouldn't be changed). So it would be easier to replace a rule with some
handle ID on some event (IP address was changed, user has paid his account
and got Internet access (not only LAN), some IPs were added to ban list, etc.).
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2016-Mar-09 17:38 UTC
[Bug 996] Add "replace" rule statement
https://bugzilla.netfilter.org/show_bug.cgi?id=996
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Rule replacement is now available since:
commit 0721fbbe7a951a1e879d120c7a722012c38af9a6
Author: Carlos Falgueras García <carlosfg at riseup.net>
Date: Tue Oct 27 12:58:07 2015 +0100
src: Add command "replace" for rules
This is coming in the upcoming 0.6 release.
# nft list ruleset -a
table ip filter {
	chain input {
		ip protocol tcp counter packets 0 bytes 0 # handle 2
	}
}
# nft replace rule filter input handle 2 ip protocol udp counter
# nft list ruleset
table ip filter {
	chain input {
		ip protocol udp counter packets 0 bytes 0
	}
}
bugzilla-daemon at netfilter.org
2016-Mar-09 17:56 UTC
[Bug 996] Add "replace" rule statement
https://bugzilla.netfilter.org/show_bug.cgi?id=996
--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Rule replacement is now available since:
commit 0721fbbe7a951a1e879d120c7a722012c38af9a6
Author: Carlos Falgueras García <carlosfg at riseup.net>
Date: Tue Oct 27 12:58:07 2015 +0100
src: Add command "replace" for rules
This is coming in the upcoming 0.6 release.
# nft list ruleset -a
table ip filter {
	chain input {
		ip protocol tcp counter packets 0 bytes 0 # handle 2
	}
}
# nft replace rule filter input handle 2 ip protocol udp counter
# nft list ruleset
table ip filter {
	chain input {
		ip protocol udp counter packets 0 bytes 0
	}
}
Also documented in the wiki:
http://wiki.nftables.org/wiki-nftables/index.php/Simple_rule_management#Replacing_rules
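Added example, not part of the bug thread or of nftables itself: for the event-driven use the report describes (a ban-list entry changes), a script first has to find the handle of the rule it wants to swap. This sketch assumes each managed rule carries a unique comment tag; the tag "ban-slot", the helper names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: find a rule's handle by its comment tag in `nft -a list`
# output, then emit a "replace rule" line suitable for `nft -f -`.

# Constructed sample of `nft -a list ruleset` output (not from a real host).
SAMPLE_LISTING='table ip filter {
	chain input {
		ip saddr 192.0.2.10 drop comment "ban-slot" # handle 2
		ip protocol tcp counter packets 0 bytes 0 # handle 3
	}
}'

# find_handle TAG: read a listing on stdin and print the handle of the one
# rule carrying comment "TAG". Exits non-zero when zero or several rules
# match, so a replace is never aimed at the wrong rule.
find_handle() {
	awk -v tag="comment \"$1\"" '
		index($0, tag) && match($0, /# handle [0-9]+$/) {
			h = substr($0, RSTART + 9); n++
		}
		END { if (n != 1) exit 1; print h }
	'
}

# build_replace TABLE CHAIN TAG RULE...: read a listing on stdin and print
# the replace command. The tag is re-attached to the new rule so the next
# lookup still finds it.
build_replace() {
	table=$1 chain=$2 tag=$3; shift 3
	handle=$(find_handle "$tag") || {
		echo "no unique rule tagged $tag" >&2
		return 1
	}
	printf 'replace rule %s %s handle %s %s comment "%s"\n' \
		"$table" "$chain" "$handle" "$*" "$tag"
}

# Demo on the constructed listing: swap the banned address.
printf '%s\n' "$SAMPLE_LISTING" |
	build_replace filter input ban-slot ip saddr 198.51.100.7 drop
```

On a live system the listing would come from `nft -a list ruleset` and the printed line would be reviewed and then fed to `nft -f -`.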