Ivan Babrou <i...@cloudflare.com> wrote:
> Currently it's impossible to export notrack expr as json,
> as it lacks snprintf member and triggers segmentation fault.
Hmm, works for me:
table ip raw {
chain prerouting {
type filter hook prerouting priority -300; policy accept;
udp dport 53 notrack
}
gets exported as:
nft -j list ruleset
{"nftables": [{"metainfo": {"version": "0.9.1", "release_name": "Headless
Horseman", "json_schema_version": 1}}, {"table": {"family": "ip", "name":
"raw", "handle": 1}}, {"chain": {"family": "ip", "table": "raw", "name":
"prerouting", "handle": 1, "type": "filter", "hook": "prerouting", "prio":
-300, "policy": "accept"}}, {"rule": {"family": "ip", "table": "raw", "chain":
"prerouting", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload":
{"protocol": "udp", "field": "dport"}}, "right": 53}}, {"notrack": null}]}}]}
