Operations at ruleset level: Difference between revisions

Latest revision as of 09:17, 31 July 2023

Linux Kernel 3.18 includes some improvements regarding the available operations to manage your ruleset as a whole.

Listing the complete ruleset:

 % nft list ruleset

Listing the ruleset per family:

 % nft list ruleset arp
 % nft list ruleset ip
 % nft list ruleset ip6
 % nft list ruleset bridge
 % nft list ruleset inet

These commands will print all tables/chains/sets/rules of the given family.

In addition, you can also flush (erase, delete, wipe) the complete ruleset:

 % nft flush ruleset

Also per family:

 % nft flush ruleset arp
 % nft flush ruleset ip
 % nft flush ruleset ip6
 % nft flush ruleset bridge
 % nft flush ruleset inet

You can combine these two commands above to backup your ruleset:

 % echo "flush ruleset" > backup.nft
 % nft list ruleset >> backup.nft

And load it atomically:

 % nft -f backup.nft

You can also export your ruleset in JSON format, just pass the '--json' option:

 % nft --json list ruleset > ruleset.json

@@ Line 38: / Line 38: @@
 You can combine these two commands above to backup your ruleset:
 <source lang="bash">
-  % echo "nft flush ruleset" > backup.nft
+  % echo "flush ruleset" > backup.nft
   % nft list ruleset >> backup.nft
 </source>
@@ Line 45: / Line 45: @@
   % nft -f backup.nft
 </source>
-== In XML or JSON format ==
+== Listing in JSON format ==
-You can also export your ruleset in XML or JSON format.
+You can also export your ruleset in JSON format, just pass the
+'--json' option:
-In this case, you have to issue the 'export' command:
 <source lang="bash">
-  % nft export xml > ruleset.xml
+  % nft --json list ruleset > ruleset.json
- % nft export json > ruleset.json
 </source>
-Note that the export operation output all the tables, of all families (ip, ip6, inet, arp, bridge).
-We are working now in the 'import' operation for XML and JSON.
 == See also ==