On Tue, Feb 12, 2008 at 07:56:20AM -0800, Tom Eastep wrote:
> Brian J. Murrell wrote:
>> On Tue, 2008-02-12 at 13:37 +0000, Andrew Suffield wrote:
>>> It would be nice if the outage could be completely
>>> eliminated. However, this is a problem for the kernel people - we'd
>>> need atomic whole-configuration changes in netfilter and tc, rather
>>> than the current rule-at-a-time system.
>
> We do have that now with Netfilter under Shorewall-perl (one atomic
> update per table).

I don't believe so - my understanding of iptables-restore (based on studying its code) is that from the perspective of the kernel it is equivalent to running all the iptables commands by hand, so it's not atomic, it just doesn't have to reload the iptables binary and libraries a few hundred times. But it's possible that I'm missing something.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
