List: netfilter
Subject: Re: Nftables HOWTO documentation updates
From: Dennis Jacobfeuerborn <dennisml () conversis ! de>
Date: 2014-02-19 15:13:37
Message-ID: 5304CA21.9040309 () conversis ! de
On 18.02.2014 12:25, Pablo Neira Ayuso wrote:
> Hi,
>
> I have registered a subdomain for nftables that hosts the nftables
> user HOWTO, you can reach it via:
>
> http://wiki.nftables.org

I checked out the HOWTO and it gives a really nice concise introduction
to how nftables works. Good work!

After browsing through the pages I have two questions:

Is it possible to comment rules like in iptables? Comments in iptables
made it really easy to manage rules on a logical level, i.e. I could
define rule "types" by adding a special comment like "TYPE:X" and then
use that to grep for these rules to batch-remove them or retrieve the
counter values. It would be nice to be able to tag rules like this.

How do I insert multiple rules? The insertion example shows the addition
of a single rule after a known handle but what if I want to add a second
rule after that? As far as I can tell from the example the add rule
command does not return the handle of the inserted rule so I have no
idea where to insert the second rule. Even if the command returned the
handle it would still require scripting to add multiple consecutive
rules so there should be a way to specify to add a list of rules
(atomically?) after a given handle.

Not sure if these features are not available or just not documented yet
but I'm approaching this by thinking about the use-cases I encounter and
looking at how I would implement these using nftables instead of iptables.

Regards,
Dennis
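
The iptables comment-tagging workflow described in the message above, as an added example that is not part of the original message: it selects rules by an exact "TYPE:X" comment from `iptables-save -c` output, totals their counters, and prints the matching delete commands for review. The function names and the sample ruleset are constructed for illustration.

```shell
# Constructed sample in `iptables-save -c` format (not taken from a real host).
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
[120:7200] -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "TYPE:mgmt" -j ACCEPT
[40:2400] -A INPUT -p tcp -m tcp --dport 443 -m comment --comment "TYPE:web" -j ACCEPT
[5:300] -A FORWARD -s 192.0.2.10/32 -m comment --comment "TYPE:mgmt" -j ACCEPT
[9:540] -A INPUT -p tcp -m tcp --dport 8443 -m comment --comment "TYPE:mgmt-old" -j ACCEPT
COMMIT'

# tagged_rules TAG: read a ruleset on stdin, print "table packets bytes rule-spec"
tagged_rules() {
    awk -v tag="$1" '
        /^\*/ { table = substr($0, 2); next }      # "*filter" starts a table
        /^\[[0-9]+:[0-9]+\] -A / {
            # Match the comment as a whole token, quoted or unquoted, so that
            # TYPE:mgmt does not also select TYPE:mgmt-old (a plain grep would).
            if (index($0 " ", "--comment \"" tag "\" ") == 0 &&
                index($0 " ", "--comment " tag " ") == 0) next
            split(substr($1, 2, length($1) - 2), c, ":")   # [packets:bytes]
            spec = $0; sub(/^\[[0-9]+:[0-9]+\] -A /, "", spec)
            print table, c[1], c[2], spec
        }'
}

# tag_totals TAG: sum packet and byte counters over the tagged rules.
tag_totals() {
    tagged_rules "$1" | awk '{ p += $2; b += $3 } END { printf "%d %d\n", p, b }'
}

# tag_delete_cmds TAG: print (do not run) one delete command per tagged rule.
tag_delete_cmds() {
    tagged_rules "$1" | while read -r table _pk _by spec; do
        printf 'iptables -t %s -D %s\n' "$table" "$spec"
    done
}

# Demo on the constructed sample; on a live host pipe `iptables-save -c` instead.
printf '%s\n' "$SAMPLE" | tag_totals TYPE:mgmt   # → 125 7500
```
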