Operations at ruleset level: Difference between revisions

Using native nft syntax

Linux Kernel 3.18 includes some improvements regarding the available operations to manage your ruleset as a whole.

listing

Listing the complete ruleset:

 % nft list ruleset

Listing the ruleset per family:

 % nft list ruleset arp
 % nft list ruleset ip
 % nft list ruleset ip6
 % nft list ruleset bridge
 % nft list ruleset inet

These commands will print all tables/chains/sets/rules of the given family.

flushing

In addition, you can also flush (erase, delete, wipe) the complete ruleset:

 % nft flush ruleset

Also per family:

 % nft flush ruleset arp
 % nft flush ruleset ip
 % nft flush ruleset ip6
 % nft flush ruleset bridge
 % nft flush ruleset inet

backup/restore

You can combine these two commands above to backup your ruleset:

 % echo "flush ruleset" > backup.nft
 % nft list ruleset >> backup.nft

And load it atomically:

 % nft -f backup.nft

Listing in JSON format

You can also export your ruleset in JSON format, just pass the '--json' option:

 % nft --json list ruleset > ruleset.json

See also

Some related information you may want to read:

• Atomic rule replacement
• Scripting