On 2020/03/09 14:56, kfm@xxxxxxxxxxxxx wrote:
> One option would be to use the JSON output format. Here is an example of
> how it might be done with jshon [1] for a set whose elements contain
> just a single data type:-
>
>     nft_set_test() {
>         local val=$1
>         shift
>         nft -j list set "$@" |
>         jshon -e nftables -e 1 -a -e elem -a -u |
>         grep -qxF "$val"
>     }
>
>     if nft_set_test 1.2.3.4 ip filter myset; then
>         echo "matched 1.2.3.4"
>     fi
>
> Where jshon isn't available, jq [2] could be another option.
>
> [1] http://kmkeen.com/jshon/
> [2] https://stedolan.github.io/jq/

Kerin,

Thank you very much for the link to jshon and even including a sample
script! Debian does have a jshon package available, I imagine I'll find
many uses for it. In this case, I think the jshon approach fails for
interval sets when testing for a single element. (Say, test for 10.0.0.7
in a set containing 10.0.0.0/8.) Right?

Thanks,
Frank
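
The interval case raised in the reply above, as an added example that is not part of the original thread: a Python membership test over `nft -j` output that understands prefix and range elements instead of comparing strings. The JSON in `SAMPLE` is constructed, and its layout (`prefix`, `range`, and `elem`/`val` wrappers) is assumed from libnftables-json(5); `set_contains` and `_bounds` are hypothetical names.

```python
import ipaddress
import json

# Constructed sample of `nft -j list set ip filter myset` output for an
# interval set (layout assumed from libnftables-json(5)); not captured output.
SAMPLE = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"set": {"family": "ip", "table": "filter", "name": "myset",
             "type": "ipv4_addr", "flags": ["interval"],
             "elem": ["1.2.3.4",
                      {"prefix": {"addr": "10.0.0.0", "len": 8}},
                      {"range": ["192.168.1.10", "192.168.1.20"]},
                      {"elem": {"val": "172.16.0.1", "timeout": 60}}]}},
]})


def _bounds(elem):
    """Return the (low, high) addresses covered by one set element."""
    if isinstance(elem, dict) and "elem" in elem:      # element with attributes
        elem = elem["elem"]["val"]
    if isinstance(elem, dict) and "prefix" in elem:    # CIDR block
        p = elem["prefix"]
        net = ipaddress.ip_network(f"{p['addr']}/{p['len']}", strict=False)
        return net[0], net[-1]
    if isinstance(elem, dict) and "range" in elem:     # explicit a-b range
        low, high = (ipaddress.ip_address(a) for a in elem["range"])
        return low, high
    if isinstance(elem, str):                          # single address
        addr = ipaddress.ip_address(elem)
        return addr, addr
    raise ValueError(f"unsupported element: {elem!r}")


def set_contains(nft_json, address):
    """True if address falls inside any element of the first set listed."""
    addr = ipaddress.ip_address(address)
    for obj in json.loads(nft_json)["nftables"]:
        if "set" in obj:
            for elem in obj["set"].get("elem", []):
                low, high = _bounds(elem)
                # Skip elements of the other address family rather than compare.
                if low.version == addr.version and low <= addr <= high:
                    return True
            return False
    raise ValueError("no set object in nft output")


if __name__ == "__main__":
    for ip in ("10.0.0.7", "192.168.1.15", "8.8.8.8"):
        print(ip, set_contains(SAMPLE, ip))
```

On a live system the first argument would be the text produced by `nft -j list set ip filter myset` rather than `SAMPLE`.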