On Sat, 24 Aug 2024 01:08:53 +0100
"Kerin Millar" <kfm@xxxxxxxxxxxxx> wrote:
> > The first questions I have:
> > Can/should I assume that each line in the output of "nft list" is a
> > separate, uh... "thing"[1] that can be (human-)parsed independently
> > from every other line?
>
> No, though it is possible to compose rulesets in the iptables-esque
> fashion that you imply. That is, by writing consecutive commands of the
> form of "add table", "add chain", "add rule" and so forth. However, the
> nft(8) utility does not have an option to list the loaded ruleset in that
> way. Instead, it always lists the ruleset in the declarative style.
I'm wondering if there's a misunderstanding here.
I'm thinking that the output of "nft list" could be like (90% of) python code, where a line like
a = b + c
can be understood (somewhat) in isolation, even though you don't have the context to know what a, b, and c are.
Or, the output of "nft list" could be more like SQL, where you can have lines like
SELECT x FROM
or
users INNER
which are each, an incomplete "thing", but can be part of a valid statement.
Is the "nft list" output more like python, or more like SQL?
