[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Running nft --check as non-root
From:       Peter Hoeg <peter () hoeg ! com>
Date:       2022-08-12 5:15:41
Message-ID: 87v8qy9gzg.fsf () hoeg ! com
[Download RAW message or body]


> Yes, this not a syntax check. The ruleset is passed to the kernel.

Is there any other way we can verify that at least the syntax is valid? Maybe have a \
--syntax flag that just invokes the scanner and parser without needing any privileged \
access?

I know nothing of the internals, so that might of course be completely impossible \
given the current architecture.


[prev in list] [next in list] [prev in thread] [next in thread]