spoofcheck: Make use of go-nft's ApplyConfigEcho()
Store the relevant applied config part for later to extract the rule to delete from there instead of having to list the ruleset. This is much faster especially with large rulesets. Signed-off-by: Phil Sutter <psutter@redhat.com>
This commit is contained in:
Phil Sutter
7
vendor/github.com/networkplumbing/go-nft/nft/config.go
generated
vendored
7
vendor/github.com/networkplumbing/go-nft/nft/config.go
generated
vendored
@ -67,3 +67,10 @@ func ApplyConfig(c *Config) error {
|
||||
func ApplyConfigContext(ctx context.Context, c *Config) error {
|
||||
return nftexec.ApplyConfig(ctx, c)
|
||||
}
|
||||
|
||||
// ApplyConfigEcho applies the given nftables config on the system, echoing
|
||||
// back the added elements with their assigned handles
|
||||
// The system is expected to have the `nft` executable deployed and nftables enabled in the kernel.
|
||||
func ApplyConfigEcho(ctx context.Context, c *Config) (*Config, error) {
|
||||
return nftexec.ApplyConfigEcho(ctx, c)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user