From 2e56f533b36a2da62dd0dc49194ce28ee23e2b5e Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 29 Aug 2018 16:23:20 +0200
Subject: doc: Improve example in libnftables-json(5)
The introductory example was a bit flawed in that the third command ('list ruleset') wouldn't yield expected results due to all three commands ending in a single transaction and therefore the changes of the first two commands were not committed yet at the time ruleset was listed. Instead demonstrate adding a chain and a rule to the new table.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 doc/libnftables-json.adoc | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)
(limited to 'doc/libnftables-json.adoc')
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
index ce1d3af8..af49adf7 100644
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -68,7 +68,8 @@ order of appearance. For instance, the following standard syntax input:
 ----
 flush ruleset
 add table inet mytable
-list ruleset
+add chain inet mytable mychain
+add rule inet mytable mychain tcp dport 22 accept
 ----
 
 translates into JSON as such:
@@ -76,8 +77,30 @@ translates into JSON as such:
 ----
 { "nftables": [
 { "flush": { "ruleset": null }},
- { "add": { "table": { "family": "inet", "name": "mytable" }}},
- { "list": { "ruleset": null }}
+ { "add": { "table": {
+ "family": "inet",
+ "name": "mytable"
+ }}},
+ { "add": { "chain": {
+ "family": "inet",
+ "table": "mytable",
+ "chain": "mychain"
+ }}}
+ { "add": { "rule": {
+ "family": "inet",
+ "table": "mytable",
+ "chain": "mychain",
+ "expr": [
+ { "match": {
+ "left": { "payload": {
+ "name": "tcp",
+ "field": "dport"
+ }},
+ "right": 22
+ }},
+ { "accept": null }
+ ]
+ }}}
 ]}
 ----
 
-- 
cgit v1.2.3
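Review bot: The added JSON example in the second hunk is not valid JSON: the chain entry closes with `}}}` and the next array element `{ "add": { "rule": {` follows with no comma between them, so a strict parser would reject the whole command list. That line should read `}}},`, matching the table entry above it. Separately, both hunks add `mychain` without a type, hook or priority, so as far as the example shows it is a regular chain and the `tcp dport 22 accept` rule is only evaluated if some other chain jumps to it. A sentence saying so would keep readers from copying the example as a working SSH allow rule.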