Re: delete matching rule like it can be done in case of iptables

Hi,

On Wed, 8 Dec 2021, G.W. Haywood wrote:

> On Tue, 7 Dec 2021, Daniel wrote:
> 
> > myhandle=$(echo `$nft -sa list chain $1 $2 $3 |grep -F $4|grep -oP '(# handle ).*'`|cut -d " " -f 3)
> 
> To me, quite apart from the reliance on a bunch of system utilities 
> which I'd really prefer to avoid in an operation of this kind, that 
> looks unnecessarily complex and rather fragile.
> 
> This whole discussion suggests that something is missing from nft.

I know not all kinds of rulesets can be managed this way, but I suggest 
relying heavily on sets and maps in nft. In lots of cases one can achieve 
technically static rules while the ruleset is fully dynamic, because all 
the modifications happen in the sets/maps.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary
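The two approaches discussed in this thread, as an added example that is not part of the original mails or of the nftables project: first, finding a rule's handle from `nft -j` JSON output instead of chaining `grep`/`cut` over the text listing (the JSON shape follows the libnftables JSON schema; the sample document below is constructed, not captured from a real host), and second, Jozsef's suggestion of a static rule that references a set, so that day-to-day changes are `add element`/`delete element` and no rule ever needs to be located and deleted. The function and set names are hypothetical.

```python
"""Rule-handle lookup from `nft -j` output, and the set-based alternative."""
import json
import subprocess
from typing import Iterator

# Constructed sample shaped like `nft -j -a list chain inet filter input`
# (libnftables JSON: one "nftables" array of objects). Not from a real host.
SAMPLE_NFT_JSON = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 1,
               "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}},
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 4,
              "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}},
                                  "right": ["established", "related"]}},
                       {"accept": None}]}},
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 7,
              "comment": "block-scanner",
              "expr": [{"match": {"op": "==",
                                  "left": {"payload": {"protocol": "ip", "field": "saddr"}},
                                  "right": "192.0.2.10"}},
                       {"drop": None}]}},
]})


def iter_rules(nft_output: str, family: str, table: str, chain: str) -> Iterator[dict]:
    """Yield the rule objects belonging to one chain from nft JSON output."""
    for obj in json.loads(nft_output).get("nftables", []):
        rule = obj.get("rule")
        if rule and (rule["family"], rule["table"], rule["chain"]) == (family, table, chain):
            yield rule


def rule_mentions(rule: dict, needle: str) -> bool:
    """True if needle equals a leaf value in the rule's expression tree or its comment.

    Exact leaf comparison, so '192.0.2.1' does not match '192.0.2.10' the way
    `grep -F` would.
    """
    def walk(node) -> bool:
        if isinstance(node, dict):
            return any(walk(v) for v in node.values())
        if isinstance(node, list):
            return any(walk(v) for v in node)
        return node == needle
    return rule.get("comment") == needle or walk(rule.get("expr", []))


def find_handles(nft_output: str, family: str, table: str, chain: str, needle: str) -> list[int]:
    """Handles of every rule in the chain that mentions needle (may be several)."""
    return [r["handle"] for r in iter_rules(nft_output, family, table, chain)
            if rule_mentions(r, needle)]


def delete_commands(family: str, table: str, chain: str, handles: list[int]) -> list[list[str]]:
    """argv lists for `nft delete rule <family> <table> <chain> handle <n>`; no shell involved."""
    return [["nft", "delete", "rule", family, table, chain, "handle", str(h)] for h in handles]


def delete_matching(family: str, table: str, chain: str, needle: str,
                    dry_run: bool = True) -> list[list[str]]:
    """Query the live ruleset and delete (or, by default, only report) matching rules."""
    out = subprocess.run(["nft", "-j", "-a", "list", "chain", family, table, chain],
                         check=True, capture_output=True, text=True).stdout
    cmds = delete_commands(family, table, chain, find_handles(out, family, table, chain, needle))
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds


# The set-based layout: the drop rule is static and references a set, so the
# ruleset only ever changes through element additions and removals.
STATIC_RULESET = """\
table inet filter {
    set blocked { type ipv4_addr; flags interval; }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ip saddr @blocked drop
    }
}
"""


def set_element_commands(family: str, table: str, set_name: str,
                         elements: list[str], action: str = "add") -> list[str]:
    """argv for `nft add|delete element <family> <table> <set> { e1, e2, ... }`."""
    if action not in ("add", "delete"):
        raise ValueError(f"unsupported action: {action}")
    return ["nft", action, "element", family, table, set_name,
            "{ " + ", ".join(elements) + " }"]


if __name__ == "__main__":
    handles = find_handles(SAMPLE_NFT_JSON, "inet", "filter", "input", "192.0.2.10")
    for cmd in delete_commands("inet", "filter", "input", handles):
        print(" ".join(cmd))
    print(" ".join(set_element_commands("inet", "filter", "blocked", ["192.0.2.10"])))
```

Running the script against the constructed sample prints the `nft delete rule ... handle 7` command for the rule matching `192.0.2.10` and the equivalent `nft add element` command for the set-based layout; `delete_matching` is the only function that talks to the real `nft` binary, and it defaults to a dry run. Matching on a rule comment (`"block-scanner"` above) is usually the least fragile key, since addresses and ports can legitimately appear in more than one rule.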


