Your message dated Thu, 11 Jul 2019 10:46:17 +0200
with message-id <[email protected]>
and subject line Re: Bug#926411: Export to json/xml doesn't work
has caused the Debian Bug report #926411,
regarding Export to json/xml doesn't work
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
926411: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926411
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nftables
Version: 0.9.0-2
Severity: normal
Hello,
according to the nft man page, it is possible to export current ruleset
to JSON or XML format using this command:
nft export [ruleset] format
where format is a mandatory parameter and "may be either xml or json".
Using
the export command without format indeed raises an error:
# nft export
Error: syntax error, unexpected newline, expecting ruleset or xml or
json or vm
However, adding the format does not work either:
# nft export json
Error: this output type is not supported
This used to work in nftables 0.7-1 in Stretch (example with no rules
present)
# nft export json
{"nftables":[]}
Export to JSON allows automated processing of the ruleset and it would
be nice
to have it functional. Or - if the current state is not a regression but
an intentional change - it should be reflected in the man page.
Thanks
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages nftables depends on:
ii dpkg 1.19.5
ii libc6 2.28-8
ii libgmp10 2:6.1.2+dfsg-4
ii libjansson4 2.12-1
ii libnftables0 0.9.0-2
ii libreadline7 7.0-5
nftables recommends no packages.
nftables suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
On 7/10/19 4:12 PM, Michal Šafránek wrote:
> I found solution/workaround:
> there is a parameter -j, which outputs to json format, so if you run nft with
> this parameter, you will get JSON formatted output.
>
> nft -j list ruleset
> {"nftables": [{"table": {"family": "inet", "name": "filter", "handle": 14}},
> {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 1,
> "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"chain":
> {"family": "inet", "table": "filter", "name": "forward", "handle": 2, "type":
> "filter", "hook": "forward", "prio": 0, "policy": "accept"}}, {"chain":
> {"family": "inet", "table": "filter", "name": "output", "handle": 3, "type":
> "filter", "hook": "output", "prio": 0, "policy": "accept"}}]}
>
> It’s bit confusing, the man page refers to "nft export json“ and there is no
> mention about -j parameter…
>
Yes, this is intentional.
nftables upstream dropped support for the 'export' functionality.
Closing this bug now.
--- End Message ---
