From dbbf962a27e526f4903c9a8c83ba98b8d18c3398 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Sat, 17 Mar 2018 12:00:27 +0100
Subject: doc: describe table dormant flag

also mention how to quit interactive mode and provide small table add example.

Signed-off-by: Florian Westphal
Acked-by: Pablo Neira Ayuso
---
 doc/nft.xml | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 62 insertions(+), 1 deletion(-)

diff --git a/doc/nft.xml b/doc/nft.xml
index 962e2933..182d3473 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -178,7 +178,7 @@ vi:ts=4 sw=4
- Read input from an interactive readline CLI.
+ Read input from an interactive readline CLI. You can use quit to exit, or use the EOF marker, normally this is CTRL-D.
@@ -547,6 +547,19 @@ filter input iif $int_ifs accept
 add
+ create
+
+ table
+ family
+ table
+
+
+ flags flags
+
+
+
+
+
 delete list flush
@@ -583,6 +596,54 @@ filter input iif $int_ifs accept
 keyword can be used to test which family (ipv4 or ipv6) context the packet is being processed in. When no address family is specified, ip is used by default.
+
+ The only difference between add and create is that the former will
+ not return an error if the specified table already exists while create will return an error.
+
+
+ Table flags
+
+
+
+
+
+ Flag
+ Description
+
+
+
+
+ dormant
+ table is not evalauted any more (base chains are unregistered)
+
+
+
+
+
+
+
+
+ Add, change, delete a table
+
+# start nft in interactive mode
+nft --interactive
+
+# create a new table.
+create table inet mytable
+
+# add a new base chain: get input packets
+add chain inet mytable myin { type filter hook input priority 0; }
+
+# add a single counter to the chain
+add rule inet mytable myin counter
+
+# disable the table temporarily -- rules are not evaluated anymore
+add table inet mytable { flags dormant; }
+
+# make table active again:
+add table inet mytable
+
-- cgit v1.2.3