> 16:13 <rbasak> hallyn_: if not, then "iptables -D" can delete a rule by its specification,
> so perhaps "iptables -D ... || true; iptables -A ..." is a (hacky)
> workaround?
I think I prefer to keep a file like /run/lxc/features/iptables-checksum
to show that it's been done, or just check the iptables -L output.
> 16:13 <rbasak> hallyn_: if not, then "iptables -D" can delete a rule by its specification,
> so perhaps "iptables -D ... || true; iptables -A ..." is a (hacky)
> workaround?
I think I prefer to keep a file like /run/lxc/ features/ iptables- checksum
to show that it's been done, or just check the iptables -L output.