I propose to create a new NetFilter table dedicated to rules created programmatically (not by explicit admin's iptables command).
Otherwise an admin could be tempted to say `iptables -F security` which would probably break rules created for example by sandboxing software (which may follow same-origin policy to restrict one particular program to certain domain and port only). Note that in this case `iptables -F security` is a security risk (sandbox breaking)? New table could be possibly be called: - temp - temporary - auto - automatic - volatile - daemon - system - sys In iptables docs it should be said that this table should not be manipulated manually. -- Victor Porton - http://portonvictor.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
