I am beginning to plan my change from iptables to native nft.
My iptables shell script has some conditionals where rules are included
or not depending on environment variables or other conditions that are
known beforehand. Example: whether or not all interfaces, or only some,
are up.
Is this possible with nft? I.e., something like:

    define externalinterfaceready = 1
    ...
    if ( externalinterfaceready) {
    ... add rules depending on the external interface being up
    }

And even better if it could query environment variables.
I haven't seen any description of something like this being possible in
a less clumsy way than dynamically building an include file for every
"if" and include them in the ruleset at suitable points.
Have I overlooked something?
Thanks,
Jesper
--
Jesper Dybdal
https://www.dybdal.dk
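
Added example, not part of the original message: the workaround the post mentions (letting a shell script decide which rules exist) done as one generated ruleset that is checked with nft -c and then loaded with nft -f. EXT_IF, EXT_READY, the function names and the SSH rule are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: build an nft ruleset from shell conditionals, then load it.
# EXT_IF, EXT_READY and the SSH rule are constructed for illustration.

# Accept only plausible interface names, since the value is pasted into
# the ruleset text (Linux names are at most 15 characters).
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the complete ruleset on stdout; the shell decides which rules exist.
build_ruleset() {
    ext_if=${EXT_IF:-eth0}
    valid_ifname "$ext_if" || { echo "invalid EXT_IF" >&2; return 1; }
    cat <<EOF
flush ruleset
define ext_if = "$ext_if"
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
EOF
    # The "if": these rules are emitted only when the environment says so.
    if [ "${EXT_READY:-0}" = 1 ]; then
        cat <<'EOF'
        iifname $ext_if tcp dport 22 accept
EOF
    fi
    cat <<'EOF'
    }
}
EOF
}

# Check the generated file with nft -c first, then load it in one transaction.
apply_ruleset() {
    tmp=$(mktemp) || return 1
    build_ruleset > "$tmp" && nft -c -f "$tmp" && nft -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
# Usage (as root): EXT_IF=eth0 EXT_READY=1 apply_ruleset
```

Because the file starts with "flush ruleset" and is loaded in a single nft -f call, a failed check leaves the running ruleset untouched.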