Re: Nftables HOWTO documentation updates

On 18.02.2014 12:25, Pablo Neira Ayuso wrote:
> Hi,
>
> I have registered a subdomain for nftables that hosts the nftables
> user HOWTO, you can reach it via:
>
>          http://wiki.nftables.org

I checked out the HOWTO and it gives a really nice, concise introduction to how nftables works. Good work!

After browsing through the pages I have two questions:

Is it possible to comment rules like in iptables? Comments in iptables made it really easy to manage rules on a logical level, i.e. I could define rule "types" by adding a special comment like "TYPE:X" and then use that to grep for these rules to batch-remove them or retrieve the counter values. It would be nice to be able to tag rules like this.

How do I insert multiple rules? The insertion example shows the addition of a single rule after a known handle, but what if I want to add a second rule after that? As far as I can tell from the example, the add rule command does not return the handle of the inserted rule, so I have no idea where to insert the second rule. Even if the command returned the handle, it would still require scripting to add multiple consecutive rules, so there should be a way to specify a list of rules to add (atomically?) after a given handle.

Not sure if these features are not available or just not documented yet, but I'm approaching this by thinking about the use-cases I encounter and looking at how I would implement these using nftables instead of iptables.

Regards,
  Dennis
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
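The two use-cases raised in the message above (tagging rules by comment so they can be batch-removed or have their counters read, and adding several rules in order after a known handle) worked through as an added example. This is not part of the original post and not nftables project code. It assumes the syntax of a modern nft: a `comment "..."` statement on a rule, `nft -a list` printing `# handle N` after each rule, `add rule ... handle N` adding a rule after the rule with that handle, and `nft -f` applying a whole file as one atomic transaction. The listing inside the script is constructed to mimic `nft -a list chain inet filter input` output; nft itself is never called, the functions only parse that listing and generate batch files for `nft -f`.

```shell
#!/bin/sh
# Added example, not from the original post. Manages nftables rules by a
# "TYPE:X" comment tag using the handles printed by `nft -a list`.
# The listing below is constructed to look like
#   nft -a list chain inet filter input
# on a modern nftables; no nft command is executed by this script.

LISTING='table inet filter {
	chain input {
		type filter hook input priority 0; policy drop;
		ct state established,related counter packets 120 bytes 15000 accept comment "TYPE:base" # handle 4
		tcp dport 22 counter packets 7 bytes 560 accept comment "TYPE:ssh" # handle 5
		tcp dport 80 counter packets 30 bytes 4000 accept comment "TYPE:web" # handle 6
		tcp dport 443 counter packets 12 bytes 2200 accept comment "TYPE:web" # handle 7
	}
}'

# Print, one per line, the handle of every rule whose comment equals the tag.
# grep -F so a tag containing regex metacharacters is matched literally.
handles_for_tag() {
    printf '%s\n' "$LISTING" \
        | grep -F "comment \"$1\"" \
        | sed -n 's/.*# handle \([0-9]*\)$/\1/p'
}

# Sum the "counter packets N" values of all rules carrying the tag.
packets_for_tag() {
    printf '%s\n' "$LISTING" \
        | grep -F "comment \"$1\"" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "packets") s += $(i + 1) }
               END { print s + 0 }'
}

# Emit an nft batch that deletes every rule carrying the tag. Pipe the output
# into `nft -f -`: the file is applied as one transaction, so either all tagged
# rules disappear or none do (assumption: atomic nft -f semantics).
delete_batch_for_tag() {
    for h in $(handles_for_tag "$1"); do
        printf 'delete rule inet filter input handle %s\n' "$h"
    done
}

# Emit an nft batch that places the given rules, in the given order, directly
# after the rule with handle $1. Because every line addresses the same existing
# handle and "add ... handle N" appends right after N, the rules are emitted in
# reverse: the last one goes in first and is pushed down by each earlier one.
# The kernel assigns the new rules' handles; they appear in the next `nft -a list`.
insert_after_handle() {
    anchor="$1"; shift
    n=$#
    while [ "$n" -gt 0 ]; do
        eval "rule=\${$n}"
        printf 'add rule inet filter input handle %s %s\n' "$anchor" "$rule"
        n=$((n - 1))
    done
}

# Stand-alone demonstration against the constructed listing.
if [ "${DEMO:-1}" = "1" ] && [ -z "$SH_TEST" ]; then
    echo "handles tagged TYPE:web: $(handles_for_tag TYPE:web | tr '\n' ' ')"
    echo "packets on TYPE:web rules: $(packets_for_tag TYPE:web)"
    echo "--- batch to remove TYPE:web ---"
    delete_batch_for_tag TYPE:web
    echo "--- batch to add two rules after handle 5, in order ---"
    insert_after_handle 5 \
        'tcp dport 8080 accept comment "TYPE:web"' \
        'tcp dport 8443 accept comment "TYPE:web"'
fi
```

Feeding either generated batch to `nft -f -` applies it in one transaction, which is the atomic multi-rule insertion the message asks about; a batch that names a stale handle (the rule was already deleted) is rejected as a whole, so re-list with `nft -a` before generating a batch rather than caching handles across runs.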