Re: [nftables/nft] nft equivalent of "ipset test"

<imnozi@xxxxxxxxx> · Tue, 17 Oct 2023 20:00:57 -0400

On Wed, 18 Oct 2023 00:36:37 +0200
"U.Mutlu" <um@xxxxxxxxxxx> wrote:

> ...
> Actualy I need to do this monster:   :-)
> 
> IP="1.2.3.4"
> ! nft "get element inet mytable myset  { $IP }" > /dev/null 2>&1 && \
> ! nft "get element inet mytable myset2 { $IP }" > /dev/null 2>&1 && \
>    nft "add element inet mytable myset  { $IP }"

Try using '||', akin to:

----
mkdir aaaa; cd aaaa
touch a b

(
  ls a || \
  ls b
) >/dev/null 2>&1 || \
echo "not found"

(
  ls c || \
  ls b
) >/dev/null 2>&1 || \
echo "not found"

(
  ls a || \
  ls d
) >/dev/null 2>&1 || \
echo "not found"

(
  ls c || \
  ls d
) >/dev/null 2>&1 || \
echo "not found"

cd ..
rm -rf aaaa
----

Only if neither file is found will the echo execute.

So this should do the trick for you:

----
(
    nft "get element inet mytable myset  { $IP }" || \
    nft "get element inet mytable myset2 { $IP }"
) >/dev/null 2>&1 || \
  nft "add element inet mytable myset  { $IP }"
----

N