On Sat, 2 Oct 2021 06:50:35 -0500
Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:

> Hey Kerin (and Duncan),
>
> Thanks for the replies.
>
> On Fri, Oct 1, 2021 at 9:57 PM Kerin Millar <kfm@xxxxxxxxxxxxx> wrote:
>
> > On Fri, 1 Oct 2021 20:16:17 -0500
> > Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
> >
> > > I'd like to do something like the following:
> > >
> > > if exists $named_set
> > >     nft add rule ip filter output ip daddr $named_set accept
> > > else
> > >     nft add rule ip filter output ip daddr $default_set accept
> > >
> > > Does anyone know if I can accomplish this with nftables?
> > >
> >
> > The output of nft isn't particularly amenable to parsing unless it is
> > instructed to produce JSON. The simplest way is to act upon the exit
> > status value of a list set command.
> >
> > if nft --terse list set ip filter "$named_set" >/dev/null 2>&1; then ...
>
> I should have been more specific...
>
> I'm hoping to do this all in nft without hitting the shell. For
> example, from "man bash" we have:
>
>     ${parameter:-word}
>         Use Default Values. If parameter is unset or null, the
>         expansion of word is substituted. Otherwise,
>         the value of parameter is substituted.
>
> I was hoping for some sort of similar mechanism in nft. Like:
>
> nft add rule ip filter output ip daddr
> ${named_set_does_not_exist:-default_named_set} accept

I see. As far as I'm aware, no such feature exists in nft at the current time.

-- 
Kerin Millar
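The shell-side fallback discussed in the thread, written out as an added example (not code from either poster): the set to use is chosen from the exit status of `nft --terse list set`, the rule references the set as `@name` as nft requires, and the `NFT` variable is an assumption of this example so the selection logic can be exercised with a stand-in command where nftables is not available.

```shell
#!/bin/sh
# Added example: pick a named set if it exists in a table, otherwise fall
# back to a default set, based on the exit status of "nft list set".
# NFT is an assumption of this example: it defaults to the real binary but
# can be pointed at a stand-in for testing without root or nftables.
NFT=${NFT:-nft}

# set_exists FAMILY TABLE SET
# Exit 0 when nft can list the set (it exists), non-zero otherwise.
# Output is discarded; only the exit status is used, as suggested above.
set_exists() {
    "$NFT" --terse list set "$1" "$2" "$3" >/dev/null 2>&1
}

# choose_set FAMILY TABLE NAMED DEFAULT
# Print NAMED when it exists, DEFAULT otherwise (the ${x:-y} analogue).
choose_set() {
    if set_exists "$1" "$2" "$3"; then
        printf '%s\n' "$3"
    else
        printf '%s\n' "$4"
    fi
}

# add_output_accept FAMILY TABLE NAMED DEFAULT
# Add the accept rule on the output chain using whichever set was chosen.
# Sets are referenced as @name inside a rule; a bare name would be parsed
# as a literal address, so the sigil is not optional.
add_output_accept() {
    chosen=$(choose_set "$1" "$2" "$3" "$4")
    "$NFT" add rule "$1" "$2" output ip daddr "@$chosen" accept
}
```
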