authorPhil Sutter <phil@nwl.cc>2018-08-29 16:23:20 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-08-30 12:19:36 +0200
commit2e56f533b36a2da62dd0dc49194ce28ee23e2b5e (patch)
tree19359360a362233ee37dd22083474f788c640648 /doc
parentb4026d2515b16513fa46193172a7dce9de5a6a80 (diff)
doc: Improve example in libnftables-json(5)
The introductory example was a bit flawed in that the third command ('list ruleset') wouldn't yield the expected results: all three commands end up in a single transaction, and therefore the changes of the first two commands were not yet committed at the time the ruleset was listed. Instead, demonstrate adding a chain and a rule to the new table. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/libnftables-json.adoc29
1 files changed, 26 insertions, 3 deletions
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
index ce1d3af8..af49adf7 100644
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -68,7 +68,8 @@ order of appearance. For instance, the following standard syntax input:
----
flush ruleset
add table inet mytable
-list ruleset
+add chain inet mytable mychain
+add rule inet mytable mychain tcp dport 22 accept
----
translates into JSON as such:
@@ -76,8 +77,30 @@ translates into JSON as such:
----
{ "nftables": [
{ "flush": { "ruleset": null }},
- { "add": { "table": { "family": "inet", "name": "mytable" }}},
- { "list": { "ruleset": null }}
+ { "add": { "table": {
+ "family": "inet",
+ "name": "mytable"
+ }}},
+ { "add": { "chain": {
+ "family": "inet",
+ "table": "mytable",
+ "chain": "mychain"
+ }}}
+ { "add": { "rule": {
+ "family": "inet",
+ "table": "mytable",
+ "chain": "mychain",
+ "expr": [
+ { "match": {
+ "left": { "payload": {
+ "name": "tcp",
+ "field": "dport"
+ }},
+ "right": 22
+ }},
+ { "accept": null }
+ ]
+ }}}
]}
----