On Sat, 24 Aug 2024 01:08:53 +0100
"Kerin Millar" <kfm@xxxxxxxxxxxxx> wrote:

> > The first questions I have:
> >
> > Can/should I assume that each line in the output of "nft list" is a
> > separate, uh... "thing"[1] that can be (human-)parsed independently
> > from every other line?
>
> No, though it is possible to compose rulesets in the iptables-esque
> fashion that you imply. That is, by writing consecutive commands of the
> form of "add table", "add chain", "add rule" and so forth. However, the
> nft(8) utility does not have an option to list the loaded ruleset in that
> way. Instead, it always lists the ruleset in the declarative style.

I'm wondering if there's a misunderstanding here.

I'm thinking that the output of "nft list" could be like (90% of) python
code, where a line like

    a = b + c

can be understood (somewhat) in isolation, even though you don't have the
context to know what a, b, and c are.

Or, the output of "nft list" could be more like SQL, where you can have
lines like

    SELECT x FROM

or

    users INNER

which are each, an incomplete "thing", but can be part of a valid
statement.

Is the "nft list" output more like python, or more like SQL?
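
Added example (not part of the original message and not nftables code): a Python sketch that rewrites a constructed listing in the declarative style into the "add table" / "add chain" / "add rule" form the quoted reply mentions, showing that a rule line only becomes a complete statement once its enclosing table and chain are known. The sample ruleset and the flatten() helper are assumptions made for illustration; only tables, chains and rules are handled.

```python
# Constructed sample in the declarative style that "nft list ruleset" prints.
SAMPLE = """\
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}
"""


def flatten(listing):
    """Turn declarative table/chain blocks into one command per line.

    Hypothetical helper: sets, maps and other objects are out of scope.
    """
    table = chain = None  # enclosing context of the line being read
    commands = []
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        words = line.split()
        if words[0] == "table" and line.endswith("{"):
            table = " ".join(words[1:3])  # family and table name
            commands.append(f"add table {table}")
        elif words[0] == "chain" and line.endswith("{"):
            chain = words[1]
            commands.append(f"add chain {table} {chain}")
        elif line == "}":
            # A closing brace ends the innermost open block.
            if chain is not None:
                chain = None
            else:
                table = None
        elif chain is not None and words[0] == "type" and " hook " in line:
            # Base-chain declaration: fold it into the preceding "add chain".
            commands[-1] = f"add chain {table} {chain} {{ {line} }}"
        elif chain is not None:
            # A rule line carries no table or chain name of its own.
            commands.append(f"add rule {table} {chain} {line}")
        else:
            raise ValueError(f"line has no enclosing chain: {line!r}")
    return commands


if __name__ == "__main__":
    print("\n".join(flatten(SAMPLE)))
```
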