Processing nftable rules without loading them into the kernel
- Subject: Processing nftable rules without loading them into the kernel
- From: George Shuklin <george.shuklin@xxxxxxxxx>
- Date: Sun, 9 Jul 2023 11:02:48 +0300
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0
I got a rather interesting task: I need to check if a given set of rules on the disk is the same as the one loaded into the kernel.

The main problem is that nft list output is quite different from the original config (ordering, comments, etc.), so I wonder if there is a way to make nft just read the rules, process them and output them back in the same format as it is from nft ruleset list. Is there a way to force nft to just 'process' rules to stdout without loading them into the kernel?