The introductory example was a bit flawed in that the third command
('list ruleset') wouldn't yield expected results due to all three
commands ending in a single transaction and therefore the changes of the
first two commands were not committed yet at the time ruleset was
listed.Instead demonstrate adding a chain and a rule to the new table. Signed-off-by: Phil Sutter <[email protected]> --- doc/libnftables-json.adoc | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc index ce1d3af83122c..af49adf740881 100644 --- a/doc/libnftables-json.adoc +++ b/doc/libnftables-json.adoc @@ -68,7 +68,8 @@ order of appearance. For instance, the following standard syntax input: ---- flush ruleset add table inet mytable -list ruleset +add chain inet mytable mychain +add rule inet mytable mychain tcp dport 22 accept ---- translates into JSON as such: @@ -76,8 +77,30 @@ translates into JSON as such: ---- { "nftables": [ { "flush": { "ruleset": null }}, - { "add": { "table": { "family": "inet", "name": "mytable" }}}, - { "list": { "ruleset": null }} + { "add": { "table": { + "family": "inet", + "name": "mytable" + }}}, + { "add": { "chain": { + "family": "inet", + "table": "mytable", + "chain": "mychain" + }}} + { "add": { "rule": { + "family": "inet", + "table": "mytable", + "chain": "mychain", + "expr": [ + { "match": { + "left": { "payload": { + "name": "tcp", + "field": "dport" + }}, + "right": 22 + }}, + { "accept": null } + ] + }}} ]} ---- -- 2.18.0
