Operations at ruleset level

From nftables wiki
Revision as of 18:48, 13 July 2016 by Pablo

Using native nft syntax

Linux Kernel 3.18 includes some improvements regarding the available operations to manage your ruleset as a whole.

listing

Listing the complete ruleset:

 % nft list ruleset

Listing the ruleset per family:

 % nft list ruleset arp
 % nft list ruleset ip
 % nft list ruleset ip6
 % nft list ruleset bridge
 % nft list ruleset inet

These commands print all tables, chains, sets and rules of the given family.

flushing

You can also flush (erase, delete, wipe) the complete ruleset:

 % nft flush ruleset

Also per family:

 % nft flush ruleset arp
 % nft flush ruleset ip
 % nft flush ruleset ip6
 % nft flush ruleset bridge
 % nft flush ruleset inet

backup/restore

You can combine the two commands above to back up your ruleset:

 % echo "nft flush ruleset" > backup.nft
 % nft list ruleset >> backup.nft

And restore it atomically (the flush and the reload are applied in a single transaction):

 % nft -f backup.nft
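The backup/restore procedure above, wrapped in two shell functions as an added example (this is not from the nftables wiki or the nft project). It assumes an nft build that supports the -c (check) flag, and makes the nft binary overridable through the NFT variable so the functions can be exercised without root or a kernel with nf_tables.

```shell
#!/bin/sh
# Added example, not part of the nftables wiki page.
# NFT is overridable (assumption) so the functions can be run with a stub.
NFT="${NFT:-nft}"

# Write a restore script. The leading "flush ruleset" is what makes a later
# `nft -f` replace the whole ruleset in one transaction; without it the
# listed rules would be appended to whatever is already loaded.
backup_ruleset() {
    out="$1"
    {
        printf 'flush ruleset\n'
        "$NFT" list ruleset
    } > "$out" || return 1
    # Sanity check: the file must start with the flush header.
    head -n 1 "$out" | grep -q '^flush ruleset$'
}

# Parse-check the file first (nft -c, assumed available) and only apply it
# if the check passes, so a truncated or corrupted backup is never loaded.
restore_ruleset() {
    in="$1"
    [ -r "$in" ] || { echo "unreadable backup: $in" >&2; return 1; }
    grep -q '^flush ruleset$' "$in" || { echo "no flush header in $in" >&2; return 1; }
    "$NFT" -c -f "$in" || { echo "syntax check failed for $in" >&2; return 1; }
    "$NFT" -f "$in"
}
```

Run as root with `backup_ruleset /etc/nftables.backup` and `restore_ruleset /etc/nftables.backup`; both return non-zero on failure so they can be chained with `&&`.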

In XML or JSON format

You can also export your ruleset in XML or JSON format.

In this case, you have to issue the 'export' command:

 % nft export xml > ruleset.xml
 % nft export json > ruleset.json

Note that the export operation outputs all tables of all families (ip, ip6, inet, arp, bridge).

We are currently working on the 'import' operation for XML and JSON.