Operations at ruleset level

From nftables wiki
Revision as of 18:15, 23 November 2020 by Fw (talk | contribs) (xml/json export is no longer supported.)

Using native nft syntax

Linux Kernel 3.18 includes some improvements regarding the available operations to manage your ruleset as a whole.


Listing the complete ruleset:

 % nft list ruleset

Listing the ruleset per family:

 % nft list ruleset arp
 % nft list ruleset ip
 % nft list ruleset ip6
 % nft list ruleset bridge
 % nft list ruleset inet

These commands will print all tables/chains/sets/rules of the given family.


In addition, you can also flush (erase, delete, wipe) the complete ruleset:

 % nft flush ruleset

Also per family:

 % nft flush ruleset arp
 % nft flush ruleset ip
 % nft flush ruleset ip6
 % nft flush ruleset bridge
 % nft flush ruleset inet


You can combine the two commands above to back up your ruleset:

 % echo "flush ruleset" > backup.nft
 % nft list ruleset >> backup.nft

And load it atomically:

 % nft -f backup.nft
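
One way to script the backup and atomic reload described above, as an added example that is not from the nftables wiki: it checks the file with `nft -c` before loading and refuses a file that lacks the leading `flush ruleset`. The function names `backup_ruleset` and `restore_ruleset` and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: back up and restore the nftables ruleset with validation.
# Helper names are hypothetical; run as root so nft can reach the kernel.

# backup_ruleset FILE: write "flush ruleset" plus the current ruleset.
# The dump goes to a temp file first, so a failed listing never leaves
# a truncated backup behind.
backup_ruleset() {
    dest=$1
    # mktemp creates the file with mode 0600
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if { echo "flush ruleset"; nft list ruleset; } > "$tmp" \
        && nft -c -f "$tmp"; then   # -c: check the file, change nothing
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# restore_ruleset FILE: load a backup made by backup_ruleset.
restore_ruleset() {
    src=$1
    # Without the leading flush, nft -f adds to the running ruleset
    # instead of replacing it, which duplicates existing rules.
    [ "$(head -n 1 "$src")" = "flush ruleset" ] || {
        echo "refusing: $src does not start with 'flush ruleset'" >&2
        return 2
    }
    nft -c -f "$src" || return 1    # dry run before touching live rules
    nft -f "$src"                   # flush and reload in one transaction
}

# Usage: ./nft-ruleset.sh backup FILE | restore FILE
case "${1:-}" in
    backup)  backup_ruleset "${2:?file required}" ;;
    restore) restore_ruleset "${2:?file required}" ;;
esac
```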

Listing in JSON format

You can also export your ruleset in JSON format, just pass the '--json' option:

 % nft --json list ruleset > ruleset.json
