The introductory example was a bit flawed in that the third command ('list ruleset') wouldn't yield expected results due to all three commands ending in a single transaction and therefore the changes of the first two commands were not committed yet at the time ruleset was listed. Instead demonstrate adding a chain and a rule to the new table. Signed-off-by: Phil Sutter <phil@xxxxxx> --- doc/libnftables-json.adoc | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc index ce1d3af83122c..af49adf740881 100644 --- a/doc/libnftables-json.adoc +++ b/doc/libnftables-json.adoc @@ -68,7 +68,8 @@ order of appearance. For instance, the following standard syntax input: ---- flush ruleset add table inet mytable -list ruleset +add chain inet mytable mychain +add rule inet mytable mychain tcp dport 22 accept ---- translates into JSON as such: @@ -76,8 +77,30 @@ translates into JSON as such: ---- { "nftables": [ { "flush": { "ruleset": null }}, - { "add": { "table": { "family": "inet", "name": "mytable" }}}, - { "list": { "ruleset": null }} + { "add": { "table": { + "family": "inet", + "name": "mytable" + }}}, + { "add": { "chain": { + "family": "inet", + "table": "mytable", + "chain": "mychain" + }}} + { "add": { "rule": { + "family": "inet", + "table": "mytable", + "chain": "mychain", + "expr": [ + { "match": { + "left": { "payload": { + "name": "tcp", + "field": "dport" + }}, + "right": 22 + }}, + { "accept": null } + ] + }}} ]} ---- -- 2.18.0
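Review bot: In the first hunk (@@ -68,7 +68,8 @@), `add chain inet mytable mychain` carries no type, hook or priority, so mychain is a regular chain and the `tcp dport 22 accept` rule is never evaluated unless another chain jumps to it. For an introductory example that readers are likely to copy, either state this in the surrounding text or make it a base chain, and mirror whichever choice is made in the JSON translation that follows.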
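Review bot: In the second hunk (@@ -76,8 +77,30 @@), the added chain entry closes with `}}}` and is followed directly by `{ "add": { "rule": {` with no comma between the two array elements, so the example as committed is not valid JSON; the closing line of the chain entry should read `}}},`. Separately, the table object gives its own name under "name" while the chain object gives its own name under "chain"; please confirm that key against the CHAIN object description elsewhere in this file so the example and the reference section agree.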