Difference between revisions of "Operations at ruleset level"

From nftables wiki
(Created page with "== Using native nft syntax == Linux Kernel 3.18 includes some improvements regarding the available operations to manage your ruleset as a whole. === listing === Listing the...")
 
(xml/json export is no longer supported.)
 
(One intermediate revision by one other user not shown)
Line 45: Line 45:
 
  % nft -f backup.nft
 
  % nft -f backup.nft
 
</source>
 
</source>
== In XML or JSON format ==
+
== Listing in JSON format ==
  
You can also export your ruleset in XML or JSON format.
+
You can also export your ruleset in JSON format, just pass the
 +
'--json' option:
  
In this case, you have to issue the 'export' command:
 
 
<source lang="bash">
 
<source lang="bash">
  % nft export xml > ruleset.xml
+
  % nft --json list ruleset > ruleset.json
% nft export json > ruleset.json
 
 
</source>
 
</source>
  
Note that the export operation output all the tables, of all families (ip, ip6, inet, arp, bridge).
+
== See also ==
  
We are working now in the 'import' operation for XML and JSON.
+
Some related information you may want to read:
 +
 
 +
* [[Atomic rule replacement]]
 +
* [[Scripting]]
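
Review bot: In the JSON section, the new text removes both the note that the output covers all tables of all families (ip, ip6, inet, arp, bridge) and the status line about the 'import' operation, and puts nothing in their place. A reader coming from 'nft export json' cannot tell from the page whether 'nft --json list ruleset' has the same scope, or whether ruleset.json can be loaded back; suggest one sentence for each. The edit summary says xml/json export is no longer supported, which is worth stating in the section itself rather than only in the revision comment.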

Latest revision as of 18:15, 23 November 2020

Using native nft syntax

Linux Kernel 3.18 includes some improvements regarding the available operations to manage your ruleset as a whole.

listing

Listing the complete ruleset:

 % nft list ruleset

Listing the ruleset per family:

 % nft list ruleset arp
 % nft list ruleset ip
 % nft list ruleset ip6
 % nft list ruleset bridge
 % nft list ruleset inet

These commands will print all tables/chains/sets/rules of the given family.

flushing

In addition, you can also flush (erase, delete, wipe) the complete ruleset:

 % nft flush ruleset

Also per family:

 % nft flush ruleset arp
 % nft flush ruleset ip
 % nft flush ruleset ip6
 % nft flush ruleset bridge
 % nft flush ruleset inet

backup/restore

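You can combine the two commands above to back up your ruleset. The backup file is later read by 'nft -f', so its first line is the bare 'flush ruleset' statement, without the 'nft' prefix:

 % echo "flush ruleset" > backup.nft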
 % nft list ruleset >> backup.nft

And load it atomically:

 % nft -f backup.nft
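
The backup and restore steps above, wrapped as shell functions with a pre-load check. This is an added example, not part of the wiki page; the function names and the NFT override variable are assumptions made for illustration.

```bash
# Added example. NFT is an assumed override hook so the functions can be
# exercised without root; by default the real nft binary is used.
NFT="${NFT:-nft}"

# write_backup FILE: write "flush ruleset" followed by the current listing.
# Runs in a subshell so the restrictive umask does not leak to the caller.
write_backup() (
    umask 077    # the listing discloses the host's filtering policy
    tmp="$1.tmp.$$"
    { echo "flush ruleset"; $NFT list ruleset; } > "$tmp" \
        || { rm -f "$tmp"; exit 1; }    # never leave a partial backup behind
    mv "$tmp" "$1"
)

# verify_backup FILE: succeed only if the first meaningful line is exactly
# "flush ruleset". Without it, nft -f adds to the live ruleset instead of
# replacing it.
verify_backup() {
    first=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" | head -n 1)
    [ "$first" = "flush ruleset" ]
}

# restore_backup FILE: returns 2 = missing flush line, 3 = failed dry run.
restore_backup() {
    verify_backup "$1" || { echo "refusing $1: no leading 'flush ruleset'" >&2; return 2; }
    $NFT -c -f "$1" || return 3    # -c (--check) parses without committing
    $NFT -f "$1"                   # flush + reload apply as one transaction
}
```

Running the dry run first means a syntax error in an edited backup is reported before anything touches the live ruleset.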

Listing in JSON format

You can also export your ruleset in JSON format by passing the '--json' option:

 % nft --json list ruleset > ruleset.json

See also

Some related information you may want to read:

* Atomic rule replacement
* Scripting