How can nftables be configured using a declarative specification?

Corey

12/15/23, 9:29 PM

How can nftables be configured using a declarative specification? I've been reading up on Firewalld, iptables commands, etc. I'm looking for a way to write the rules in JSON, YAML, TOML, etc. and just "apply" them.

148

1 + 0

linux

routing

iptables

linux-networking

nftables

Score:1

Server

larsks

12/16/23, 1:26 AM

I think regular nft syntax is just as declarative as anything else. Just include:

flush ruleset

At the beginning of your rules file, and then:

nft -f ruleset.nft

Will configure exactly the rules defined in your ruleset.nft file.

Writing rules in JSON or some other syntax doesn't make them any more declaritive (nft does support JSON input and output with the -j option, but you'll need to explicitly flush the ruleset with nft flush ruleset before loading the JSON rules, and you won't have an atomic operation in this case).

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How can nftables be configured using a declarative specification?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.