The introductory example was a bit flawed in that the third command
('list ruleset') wouldn't yield expected results due to all three
commands ending in a single transaction and therefore the changes of the
first two commands were not committed yet at the time the ruleset was
listed.

Instead, demonstrate adding a chain and a rule to the new table.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
flush ruleset
add table inet mytable
-list ruleset
+add chain inet mytable mychain
+add rule inet mytable mychain tcp dport 22 accept
----
translates into JSON as such:
----
{ "nftables": [
{ "flush": { "ruleset": null }},
- { "add": { "table": { "family": "inet", "name": "mytable" }}},
- { "list": { "ruleset": null }}
+ { "add": { "table": {
+ "family": "inet",
+ "name": "mytable"
+ }}},
+ { "add": { "chain": {
+ "family": "inet",
+ "table": "mytable",
+ "chain": "mychain"
+ }}}
+ { "add": { "rule": {
+ "family": "inet",
+ "table": "mytable",
+ "chain": "mychain",
+ "expr": [
+ { "match": {
+ "left": { "payload": {
+ "name": "tcp",
+ "field": "dport"
+ }},
+ "right": 22
+ }},
+ { "accept": null }
+ ]
+ }}}
]}
----
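Review bot: The added JSON is not valid as written. The new chain entry closes with `}}}` and is followed directly by `{ "add": { "rule": {` with no comma between the two array elements, so the example will not parse if a reader copies it. Add a comma after the chain entry's closing `}}}`, as is already done after the table entry. Separately, the table object gives its own name under "name" while the new chain object gives it under "chain"; please confirm against the schema that the chain's own name is not expected under "name" as well, with "chain" reserved for the rule's reference to its chain.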