Open CristianCantoro opened 3 years ago
Dry run shouldn't be too hard. We could set the geo-filter table to dormant right from the get go (that way it's rules will never be evaulated), then add the IP block sets and rules as usual, then print out the ruleset and delete the geo-filter table.
I think the point is to work successfully even if it's impossible to run nft
. That way I could
all before affecting the actual configuration. Potentially before the target machine even boots.
Hi,
this is a request for an enhancement. The idea is to add a
--dry-run
option that outputs the new rules to stdout without actually changing anything, that would be useful to check the output of the command before actually running it.