Monitoring ruleset updates

From nftables wiki

nft can display notifications of ruleset updates through:

 % nft monitor

This subscribes nft to any kind of ruleset update.

You can filter the events you receive by:

  • object type: tables, chains, rules, sets and elements.
  • event type: new and destroy.

The output format can be:

  • plain text (i.e. native nft format)
  • xml (no longer supported by recent nft releases)
  • json

The following example shows how to track rule updates only:

 % nft monitor rules

If you only want to be notified of new rules:

 % nft monitor new rules

A more elaborate example

Type the following in a terminal:

 term1% nft monitor

From a different terminal, if you type this:

 term2% nft add table inet filter
 term2% nft add chain inet filter forward
 term2% nft add rule inet filter forward counter accept
 term2% nft flush chain inet filter forward
 term2% nft flush ruleset

Then, back in term1, you'll see:

 term1% nft monitor
 add table inet filter
 add chain inet filter forward
 add rule inet filter forward counter packets 0 bytes 0 accept
 delete rule inet filter forward handle 4
 delete chain inet filter forward
 delete table inet filter
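The same notification stream is what you would feed a change-detection script: an unexpected `delete table` or a freshly added `accept` rule on a firewall host is worth an alert. The script below is an added example and is not part of the nftables wiki or the nft tool itself. It classifies each line of `nft monitor` plain-text output by severity; the sample lines are constructed to mirror the term1 output above rather than captured from a live system, so it runs without root or a kernel. With `--live` it reads from a real `nft monitor` (which normally has to run as root).

```shell
#!/bin/sh
# classify_nft_event: map one line of `nft monitor` plain-text output to a severity.
# The severities (critical/high/warn/info/debug) are this example's own policy, not nft's.
classify_nft_event() {
  line=$1
  case "$line" in
    "delete table "*|"delete chain "*) echo "critical: $line" ;;
    "delete rule "*)                   echo "high: $line" ;;
    "add rule "*" accept"*)            echo "warn: permissive rule added: $line" ;;
    "add rule "*)                      echo "info: $line" ;;
    "add table "*|"add chain "*)       echo "info: $line" ;;
    *)                                 echo "debug: $line" ;;
  esac
}

# watch_ruleset: read monitor output line by line from stdin and classify each event.
watch_ruleset() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    classify_nft_event "$line"
  done
}

# Constructed sample events mirroring the term1 session on the page (not live output).
SAMPLE_EVENTS='add table inet filter
add chain inet filter forward
add rule inet filter forward counter packets 0 bytes 0 accept
delete rule inet filter forward handle 4
delete chain inet filter forward
delete table inet filter'

# count_critical: number of critical events in the constructed sample (expected: 2,
# the chain deletion and the table deletion).
count_critical() {
  printf '%s\n' "$SAMPLE_EVENTS" | watch_ruleset | grep -c '^critical:'
}

if [ "${1:-}" = "--live" ]; then
  # Real use: subscribe to kernel ruleset notifications and classify them as they arrive.
  nft monitor | watch_ruleset
else
  printf '%s\n' "$SAMPLE_EVENTS" | watch_ruleset
fi
```

Because `nft monitor` only reports what the kernel accepted, a change is seen after it has already taken effect; the script is a detective control, not a preventive one, so pair it with restricting who holds CAP_NET_ADMIN on the host.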