On 09/03/2020 17:53, Frank Myhr wrote:
> Is there a recommended way to test whether an element is a member of an nftables set?

Unfortunately, there doesn't appear to be a straightforward way to efficiently look up an element in a set from without the ruleset.
One option would be to use the JSON output format. Here is an example of how it might be done with jshon [1] for a set whose elements contain just a single data type:-

nft_set_test() {
	local val=$1
	shift
	nft -j list set "$@" | jshon -e nftables -e 1 -a -e elem -a -u | grep -qxF "$val"
}

if nft_set_test 1.2.3.4 ip filter myset; then
	echo "matched 1.2.3.4"
fi

Where jshon isn't available, jq [2] could be another option.

[1] http://kmkeen.com/jshon/
[2] https://stedolan.github.io/jq/

--
Kerin Millar
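
Added example, not part of the original message: the same JSON-based membership test in Python, extended beyond the exact-match case above to sets with the interval flag, where elements appear as prefix or range objects rather than plain strings. The element shapes follow libnftables-json(5); the function names and the sample document are constructed for illustration, and only IP address sets are handled.

```python
import ipaddress
import json
import subprocess

# Constructed sample of `nft -j list set ip filter myset` output (not from a real host).
SAMPLE = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"set": {"family": "ip", "table": "filter", "name": "myset",
             "type": "ipv4_addr", "flags": ["interval"],
             "elem": ["1.2.3.4",
                      {"prefix": {"addr": "10.0.0.0", "len": 8}},
                      {"range": ["192.0.2.10", "192.0.2.20"]},
                      {"elem": {"val": "198.51.100.7", "timeout": 60}}]}}]})


def _matches(elem, addr):
    """Return True if a single JSON set element covers the address."""
    if isinstance(elem, dict) and "elem" in elem:
        elem = elem["elem"]["val"]          # element wrapped with timeout/comment
    if isinstance(elem, str):
        return ipaddress.ip_address(elem) == addr
    if not isinstance(elem, dict):
        return False                        # non-address element types are out of scope
    if "prefix" in elem:
        p = elem["prefix"]
        return addr in ipaddress.ip_network(f'{p["addr"]}/{p["len"]}', strict=False)
    if "range" in elem:
        lo, hi = (ipaddress.ip_address(x) for x in elem["range"])
        return lo <= addr <= hi
    return False


def set_contains(nft_json, value):
    """Test membership against the JSON text printed by `nft -j list set ...`."""
    addr = ipaddress.ip_address(value)      # raises ValueError on malformed input
    for obj in json.loads(nft_json)["nftables"]:
        if "set" in obj:                    # an empty set has no "elem" key
            return any(_matches(e, addr) for e in obj["set"].get("elem", []))
    return False


def nft_set_test(value, *set_spec):
    """Live variant: nft_set_test("1.2.3.4", "ip", "filter", "myset"); needs root."""
    out = subprocess.run(["nft", "-j", "list", "set", *set_spec],
                         check=True, capture_output=True, text=True).stdout
    return set_contains(out, value)
```
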