Diffstat (limited to 'doc/nft.xml')
-rw-r--r-- | doc/nft.xml | 70 |
1 files changed, 67 insertions, 3 deletions
diff --git a/doc/nft.xml b/doc/nft.xml index 702891c2..41c0840f 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -2080,6 +2080,70 @@ filter input iif eth0 drop </refsect1> <refsect1> + <title>Additional commands</title> + <para> + These are some additional commands included in nft. + </para> + <refsect2> + <title>export</title> + <para> + Export your current ruleset in XML or JSON format to stdout. + </para> + <para> + Examples: + <programlisting> +% nft export xml +[...] +% nft export json +[...] + </programlisting> + </para> + </refsect2> + <refsect2> + <title>monitor</title> + <para> + The monitor command allows you to listen to Netlink events produced + by the nf_tables subsystem, related to creation and deletion of objects. + When they ocurr, nft will print to stdout the monitored events in either + XML, JSON or native nft format. + </para> + <para> + To filter events related to a concrete object, use one of the keywords 'tables', 'chains', 'sets', 'rules', 'elements'. + </para> + <para> + To filter events related to a concrete action, use keyword 'new' or 'destroy'. + </para> + <para> + Hit ^C to finish the monitor operation. + </para> + <example> + <title>Listen to all events, report in native nft format</title> + <programlisting> +% nft monitor + </programlisting> + </example> + <example> + <title>Listen to added tables, report in XML format</title> + <programlisting> +% nft monitor new tables xml + </programlisting> + </example> + <example> + <title>Listen to deleted rules, report in JSON format</title> + <programlisting> +% nft monitor destroy rules json + </programlisting> + </example> + <example> + <title>Listen to both new and destroyed chains, in native nft format</title> + <programlisting> +% nft monitor chains + </programlisting> + </example> + </refsect2> + </refsect1> + + <refsect1> <title>Error reporting</title> <para> When an error is detected, nft shows the line(s) containing the error, the position 
@@ -2097,7 +2161,7 @@ filter input iif eth0 drop <programlisting> <cmdline>:1:19-22: Error: Interface does not exist filter output oif eth0 -^^^ + ^^^^ </programlisting> </example> <example> @@ -2105,7 +2169,7 @@ filter output oif eth0 <programlisting> <cmdline>:1:28-36: Error: Right hand side of relational expression (==) must be constant filter output tcp dport == tcp dport -~~ ^^^^^^^^^ + ~~ ^^^^^^^^^ </programlisting> </example> @@ -2124,7 +2188,7 @@ filter output oif wlan0 <para> On success, nft exits with a status of 0. Unspecified errors cause it to exit with a status of 1, memory allocation - errors with a status of 2. + errors with a status of 2, unable to open Netlink socket with 3. </para> </refsect1> |
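Review bot: In the first hunk (@@ -2080,6 +2080,70 @@), the monitor description contains a typo, "When they ocurr", which should read "When they occur". In the same hunk the export section places its <programlisting> inside a <para> under a bare "Examples:" line, while the monitor section uses <example> elements with a <title>; using <example> for export as well would keep the new section consistent. The monitor text also introduces the object keywords, the action keywords and the output formats in separate paragraphs without saying in what order they combine. The examples imply action, then object, then format ("nft monitor new tables xml"), and a one-line synopsis stating that would save the reader from inferring it.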
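Review bot: In the last hunk (@@ -2124,7 +2188,7 @@), the added clause "unable to open Netlink socket with 3" is not parallel with the rest of the sentence, which reads "Unspecified errors cause it to exit with a status of 1, memory allocation errors with a status of 2". Suggest "memory allocation errors with a status of 2, and failure to open the Netlink socket with a status of 3", so that each exit code is introduced by a noun phrase and the word "status" is kept for all three values.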