Diffstat (limited to 'doc')
-rw-r--r-- doc/nft.txt 94
1 files changed, 56 insertions, 38 deletions
diff --git a/doc/nft.txt b/doc/nft.txt
index ba0c8c0b..5326de16 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -22,7 +22,10 @@ for Netfilter.
OPTIONS
-------
-For a full summary of options, run *nft --help*.
+The command accepts several different options which are documented here in groups for better
+understanding of their meaning. You can get information about options by running *nft --help*.
+
+.General options:
*-h*::
*--help*::
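Review bot: The replacement intro under OPTIONS is wordier than needed and weakens the pointer to *nft --help*: the removed line promised "a full summary of options", while the added text only says you "can get information about options". Suggest something like "Options are grouped by purpose below. For a full summary, run *nft --help*." The added ".General options:" title also ends in a colon; check that it renders as intended in the generated man page.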
@@ -32,42 +35,73 @@ For a full summary of options, run *nft --help*.
*--version*::
Show version.
-*-n*::
-*--numeric*::
- Print fully numerical output.
+*-V*::
+ Show long version information, including compile-time configuration.
+
+.Ruleset input handling options that specify to how to load rulesets:
+
+*-f*::
+*--file 'filename'*::
+ Read input from 'filename'. If 'filename' is -, read from stdin.
+
+*-i*::
+*--interactive*::
+ Read input from an interactive readline CLI. You can use quit to exit, or use the EOF marker,
+ normally this is CTRL-D.
+
+*-I*::
+*--includepath directory*::
+ Add the directory 'directory' to the list of directories to be searched for included files. This
+ option may be specified multiple times.
+
+*-c*::
+*--check*::
+ Check commands validity without actually applying the changes.
+
+.Ruleset list output formatting that modify the output of the list ruleset command:
+
+*-a*::
+*--handle*::
+ Show object handles in output.
*-s*::
*--stateless*::
Omit stateful information of rules and stateful objects.
-*-N*::
-*--reversedns*::
- Translate IP address to names via reverse DNS lookup. This may slow down
- your listing since it generates network traffic.
+*-t*::
+*--terse*::
+ Omit contents of sets from output.
*-S*::
*--service*::
Translate ports to service names as defined by /etc/services.
+*-N*::
+*--reversedns*::
+ Translate IP address to names via reverse DNS lookup. This may slow down
+ your listing since it generates network traffic.
+
*-u*::
*--guid*::
Translate numeric UID/GID to names as defined by /etc/passwd and /etc/group.
-*-p*::
-*--numeric-protocol*::
- Display layer 4 protocol numerically.
+*-n*::
+*--numeric*::
+ Print fully numerical output.
*-y*::
*--numeric-priority*::
Display base chain priority numerically.
-*-c*::
-*--check*::
- Check commands validity without actually applying the changes.
+*-p*::
+*--numeric-protocol*::
+ Display layer 4 protocol numerically.
-*-a*::
-*--handle*::
- Show object handles in output.
+*-T*::
+*--numeric-time*::
+ Show time, day and hour values in numeric format.
+
+.Command output formatting:
*-e*::
*--echo*::
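Review bot: Two of the added block titles in this hunk have grammar slips. ".Ruleset input handling options that specify to how to load rulesets:" has a stray "to" (should read "specify how to load"), and ".Ruleset list output formatting that modify the output of the list ruleset command:" lacks a plural noun for "modify" (for example "Ruleset list output formatting options that modify ..."). While these entries are being moved, the argument markup could also be aligned: "*--file 'filename'*::" quotes the argument, "*--includepath directory*::" does not.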
@@ -78,27 +112,11 @@ For a full summary of options, run *nft --help*.
*--json*::
Format output in JSON. See libnftables-json(5) for a schema description.
-*-I*::
-*--includepath directory*::
- Add the directory 'directory' to the list of directories to be searched for included files. This
- option may be specified multiple times.
-
-*-f*::
-*--file 'filename'*::
- Read input from 'filename'. If 'filename' is -, read from stdin.
-
-*-i*::
-*--interactive*::
- Read input from an interactive readline CLI. You can use quit to exit, or use the EOF marker,
- normally this is CTRL-D.
-
-*-T*::
-*--numeric-time*::
- Show time, day and hour values in numeric format.
-
-*-t*::
-*--terse*::
- Omit contents of sets from output.
+*-d*::
+*--debug* 'level'::
+ Enable debugging output. The debug level can be any of *scanner*, *parser*, *eval*,
+ *netlink*, *mnl*, *proto-ctx*, *segtree*, *all*. You can combine more than one by
+ separating by the ',' symbol, for example '-d eval,mnl'.
INPUT FILE FORMATS
------------------
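Review bot: The new *-d*/*--debug* entry lands under the ".Command output formatting:" title next to *--echo* and *--json*, but it enables debugging output rather than formatting command results; consider giving it its own title or placing it with the general options. Its term line "*--debug* 'level'::" also puts the argument outside the bold span, a third markup style next to "*--file 'filename'*::" and "*--includepath directory*::" in this patch. The phrase "separating by the ',' symbol" would read better as "separated by commas".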