>>What happens if we delete ipset chains which are still in use by iptables?
ipset will throw an error like "ipset in use in iptables...." so I think we should check if it's used or not before trying to remove it. I'll implement next week ipset in iptables rules. ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre Derumier" <[email protected]>, [email protected] Envoyé: Vendredi 28 Mars 2014 10:16:12 Objet: RE: [pve-devel] [PATCH] implement ipset ip/net groups applied, but have one more questions (inline). > sub apply_ruleset { > - my ($ruleset, $hostfw_conf, $verbose) = @_; > + my ($ruleset, $hostfw_conf, $ipset_ruleset, $verbose) = @_; > > enable_bridge_firewall(); > > update_nf_conntrack_max($hostfw_conf); > > + my $ipsetcmdlist = get_ipset_cmdlist($ipset_ruleset, $verbose); > + > my $cmdlist = get_rulset_cmdlist($ruleset, $verbose); > > print $cmdlist if $verbose; > > + ipset_restore_cmdlist($ipsetcmdlist); > + What happens if we delete ipset chains which are still in use by iptables? > iptables_restore_cmdlist($cmdlist); _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
