Re: Understanding output from "nft list"


 



On Sat, 24 Aug 2024 01:08:53 +0100
"Kerin Millar" <kfm@xxxxxxxxxxxxx> wrote:

> > The first questions I have:
> > Can/should I assume that each line in the output of "nft list" is a 
> > separate, uh... "thing"[1] that can be (human-)parsed independently 
> > from every other line?
> 
> No, though it is possible to compose rulesets in the iptables-esque 
> fashion that you imply. That is, by writing consecutive commands of the 
> form of "add table", "add chain", "add rule" and so forth. However, the 
> nft(8) utility does not have an option to list the loaded ruleset in that 
> way. Instead, it always lists the ruleset in the declarative style.

I'm wondering if there's a misunderstanding here.

I'm thinking that the output of "nft list" could be like (90% of) python code, where a line like
    a = b + c
can be understood (somewhat) in isolation, even though you don't have the context to know what a, b, and c are.

Or, the output of "nft list" could be more like SQL, where you can have lines like
  SELECT x FROM
      or
  users INNER
which are each an incomplete "thing", but can be part of a valid statement.

Is the "nft list" output more like python, or more like SQL?
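
The two styles named in the quoted reply, shown side by side as an added example that is not part of the original message: a constructed listing in the declarative style is flattened into consecutive "add table", "add chain" and "add rule" commands. The sample ruleset and the `flatten` helper are assumptions made for illustration, and the helper handles only tables, chains and rules (no sets, maps or comments).

```python
import re

# Constructed sample in the declarative style printed by "nft list ruleset".
SAMPLE = """\
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iif "lo" accept
        tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}
"""

# A line that opens a block: "table <family> <name> {" or "chain <name> {".
OPEN = re.compile(r"^(table|chain)\s+(.+?)\s*\{$")


def flatten(listing):
    """Return one self-contained 'add ...' command per table, chain and rule."""
    cmds, table, chain = [], None, None
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OPEN.match(line)
        if m and m.group(1) == "table":
            table = m.group(2)                      # e.g. "inet filter"
            cmds.append(f"add table {table}")
        elif m and m.group(1) == "chain":
            chain = m.group(2)
            cmds.append(f"add chain {table} {chain}")
        elif line == "}":
            # A closing brace ends the innermost open block.
            if chain is not None:
                chain = None
            else:
                table = None
        elif line.startswith("type ") and cmds and cmds[-1].startswith("add chain"):
            # Base-chain hook/priority/policy line belongs to the chain itself.
            cmds[-1] += " { " + line + " }"
        else:
            if table is None or chain is None:
                raise ValueError(f"rule outside a chain: {line!r}")
            # The rule text alone does not name its table or chain;
            # both come from the enclosing lines.
            cmds.append(f"add rule {table} {chain} {line}")
    return cmds


if __name__ == "__main__":
    print("\n".join(flatten(SAMPLE)))
```
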




