author | Phil Sutter <phil@nwl.cc> | 2018-08-29 16:23:20 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-30 12:19:36 +0200 |
commit | 2e56f533b36a2da62dd0dc49194ce28ee23e2b5e (patch) | |
tree | 19359360a362233ee37dd22083474f788c640648 | |
parent | b4026d2515b16513fa46193172a7dce9de5a6a80 (diff) |
doc: Improve example in libnftables-json(5)
The introductory example was a bit flawed in that the third command
('list ruleset') wouldn't yield expected results due to all three
commands ending in a single transaction and therefore the changes of the
first two commands were not committed yet at the time ruleset was
listed.
Instead demonstrate adding a chain and a rule to the new table.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | doc/libnftables-json.adoc | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc index ce1d3af8..af49adf7 100644 --- a/doc/libnftables-json.adoc +++ b/doc/libnftables-json.adoc @@ -68,7 +68,8 @@ order of appearance. For instance, the following standard syntax input: ---- flush ruleset add table inet mytable -list ruleset +add chain inet mytable mychain +add rule inet mytable mychain tcp dport 22 accept ---- translates into JSON as such: @@ -76,8 +77,30 @@ translates into JSON as such: ---- { "nftables": [ { "flush": { "ruleset": null }}, - { "add": { "table": { "family": "inet", "name": "mytable" }}}, - { "list": { "ruleset": null }} + { "add": { "table": { + "family": "inet", + "name": "mytable" + }}}, + { "add": { "chain": { + "family": "inet", + "table": "mytable", + "chain": "mychain" + }}} + { "add": { "rule": { + "family": "inet", + "table": "mytable", + "chain": "mychain", + "expr": [ + { "match": { + "left": { "payload": { + "name": "tcp", + "field": "dport" + }}, + "right": 22 + }}, + { "accept": null } + ] + }}} ]} ---- |
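Review bot: in the first hunk (the standard syntax example at line 68), `add chain inet mytable mychain` gives the chain no type, hook or priority, so it is a regular chain and the following `tcp dport 22 accept` rule is never evaluated unless some base chain jumps to it. Readers tend to copy introductory examples verbatim, so either add a sentence stating that the chain is not attached to any hook, or make it a base chain in both the standard syntax and the JSON form so the two stay equivalent.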
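Review bot: in the second hunk (the JSON example at line 76), the added chain object ends with `}}}` and the next added line starts the rule object with `{ "add": { "rule": {`, with no comma between the two array elements, so the example is not valid JSON and will fail to parse if pasted as is. Change the closing line of the chain object to `}}},` to match the table entry above it, which already ends with a comma.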