Re: Running nft --check as non-root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: Running nft --check as non-root
From: Peter Hoeg <peter@xxxxxxxx>
Date: Fri, 12 Aug 2022 13:15:41 +0800
In-reply-to: <20220811161500.GF8667@breakpoint.cc>
References: <874jyiu661.fsf@hoeg.com> <20220811161500.GF8667@breakpoint.cc>
User-agent: mu4e 1.8.8; emacs 29.0.50

Yes, this not a syntax check. The ruleset is passed to the kernel.


Is there any other way we can verify that at least the syntax is valid? Maybe have a --syntax flag that just invokes the scanner and parser without needing any privileged access?

I know nothing of the internals, so that might of course be completely impossible given the current architecture.

References:
- Running nft --check as non-root
  - From: Peter Hoeg
- Re: Running nft --check as non-root
  - From: Florian Westphal

Prev by Date: Re: Running nft --check as non-root
Next by Date: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
Previous by thread: Re: Running nft --check as non-root
Index(es):
- Date
- Thread

[Index of Archives] [Linux Netfilter Development] [Linux Kernel Networking Development] [Netem] [Berkeley Packet Filter] [Linux Kernel Development] [Advanced Routing & Traffice Control] [Bugtraq]

Powered by Linux