[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/5] hotplug/linux: Improve iptables logic

On Tue, 2014-05-20 at 13:23 +0200, Sylvain Munaut wrote:
> Hi,
> 
> 
> > And here the redundant rules are dropped and the rest are reordered
> > slightly, which again I think/suppose is safe.
> 
> Yes, it is. Because the rules have no overlap (i.e if one matches, the
> other won't).
> 
> I use -A instead of -I (to append rather than insert).
> 
> _HOWEVER_ I just realized that it had another impact which is to add
> the rules at the end of the chain rather than at the beginning which
> will significantly change things if people have other rules in there.
> So I'll change back to using -I and change the logic a bit to handle
> this properly.
> 
> Damn, I almost missed that ...

I totally missed it too. I suspect the reordering is due to this as well
BTW.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.