Hey Kerin (and Duncan),

Thanks for the replies.

On Fri, Oct 1, 2021 at 9:57 PM Kerin Millar <kfm@xxxxxxxxxxxxx> wrote:
>
> On Fri, 1 Oct 2021 20:16:17 -0500
> Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
>
> > I'd like to do something like the following:
> >
> > if exists $named_set
> >   nft add rule ip filter output ip daddr $named_set accept
> > else
> >   nft add rule ip filter output ip daddr $default_set accept
> >
> > Does anyone know if I can accomplish this with nftables?
> >
>
> The output of nft isn't particularly amenable to parsing unless it is instructed to produce JSON. The simplest way is to act upon the exit status value of a list set command.
>
> if nft --terse list set ip filter "$named_set" >/dev/null 2>&1; then ...

I should have been more specific...

I'm hoping to do this all in nft without hitting the shell.

For example, from "man bash" we have:

${parameter:-word}
    Use Default Values. If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.

I was hoping for some sort of similar mechanism in nft. Like:

nft add rule ip filter output ip daddr ${named_set_does_not_exist:-default_named_set} accept

Thanks for the help!

-m
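
Added example, not part of the original message or of nftables itself: the exit-status check quoted above, wrapped so that it behaves like the ${parameter:-word} fallback asked for, with the set name validated before it reaches nft. The function names and the conservative allow-list for set names are assumptions made for this example; the table and chain are the ones used in the thread.

```shell
#!/bin/sh
# Added example: pick the first nftables set that exists, else fall back.
# Function names are hypothetical; "ip filter" / "output" come from the thread.

# Return 0 if set $3 exists in table $2 of family $1.
nft_set_exists() {
    # --terse omits the element listing; only the exit status matters here.
    nft --terse list set "$1" "$2" "$3" >/dev/null 2>&1
}

# Print the first existing set among the candidates; return 1 if none exists.
# Usage: nft_first_set FAMILY TABLE SET...
nft_first_set() {
    family=$1
    table=$2
    shift 2
    for name in "$@"; do
        # nft joins its arguments and parses them as ruleset syntax, so a
        # name containing ';' or '{' could add statements of its own.
        # Conservative allow-list (an assumption, stricter than nft's grammar).
        case $name in
            ''|*[!A-Za-z0-9_]*) continue ;;
        esac
        if nft_set_exists "$family" "$table" "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Add the accept rule against whichever candidate set was found.
# Usage: add_output_accept NAMED_SET DEFAULT_SET
add_output_accept() {
    chosen=$(nft_first_set ip filter "$@") || {
        echo "none of these sets exist in ip filter: $*" >&2
        return 1
    }
    # The check and the add are separate nft invocations, so the set can
    # still disappear in between; nft then rejects the rule and this fails.
    nft add rule ip filter output ip daddr "@$chosen" accept
}
```

Calling `add_output_accept "$named_set" "$default_set"` adds the rule against the named set when it exists and against the default set otherwise.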