[nft] doc: update documentation with 'monitor' and 'export'

Message ID 20140804082945.22646.43301.stgit@nfdev.cica.es
State Accepted
Delegated to: Pablo Neira

Commit Message

Arturo Borrero Aug. 4, 2014, 8:29 a.m. UTC
Let's add info about 'monitor' and 'export'.

While at it, fix other minor things, like the no-netlink return code and
indentations of the document.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 doc/nft.xml |   70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 67 insertions(+), 3 deletions(-)



Patch

diff --git a/doc/nft.xml b/doc/nft.xml
index 702891c..41c0840 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -2080,6 +2080,70 @@  filter input iif eth0 drop
 	</refsect1>
 
 	<refsect1>
+		<title>Additional commands</title>
+		<para>
+			These are some additional commands included in nft.
+		</para>
+		<refsect2>
+			<title>export</title>
+			<para>
+				Export your current ruleset in XML or JSON format to stdout.
+			</para>
+			<para>
+				Examples:
+				<programlisting>
+% nft export xml
+[...]
+% nft export json
+[...]
+				</programlisting>
+			</para>
+		</refsect2>
+		<refsect2>
+			<title>monitor</title>
+			<para>
+				The monitor command allows you to listen to Netlink events produced
+				by the nf_tables subsystem, related to creation and deletion of objects.
+				When they ocurr, nft will print to stdout the monitored events in either
+				XML, JSON or native nft format.
+			</para>
+			<para>
+				To filter events related to a concrete object, use one of the keywords 'tables', 'chains', 'sets', 'rules', 'elements'.
+			</para>
+			<para>
+				To filter events related to a concrete action, use keyword 'new' or 'destroy'.
+			</para>
+			<para>
+				Hit ^C to finish the monitor operation.
+			</para>
+			<example>
+				<title>Listen to all events, report in native nft format</title>
+				<programlisting>
+% nft monitor
+				</programlisting>
+			</example>
+			<example>
+				<title>Listen to added tables, report in XML format</title>
+				<programlisting>
+% nft monitor new tables xml
+				</programlisting>
+			</example>
+			<example>
+				<title>Listen to deleted rules, report in JSON format</title>
+				<programlisting>
+% nft monitor destroy rules json
+				</programlisting>
+			</example>
+			<example>
+				<title>Listen to both new and destroyed chains, in native nft format</title>
+				<programlisting>
+% nft monitor chains
+				</programlisting>
+			</example>
+		</refsect2>
+	</refsect1>
+
+	<refsect1>
 		<title>Error reporting</title>
 		<para>
 			When an error is detected, nft shows the line(s) containing the error, the position
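Review bot: in the monitor paragraph, "When they ocurr" is misspelled (it should be "occur"), and the two filter paragraphs say "concrete object" and "concrete action" where "specific" is meant. The prose also never states the argument order; the examples imply action, then object, then output format (as in "nft monitor new tables xml"), so a one-line synopsis in the monitor section would spare readers from inferring it. In the export section, say whether the format argument is required, since both examples pass one.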
@@ -2097,7 +2161,7 @@  filter input iif eth0 drop
 			<programlisting>
 &lt;cmdline&gt;:1:19-22: Error: Interface does not exist
 filter output oif eth0
-^^^
+                  ^^^^
 			</programlisting>
 		</example>
 		<example>
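Review bot: the realignment of the "^^^^" marker line is unrelated to the new 'monitor' and 'export' text and would be easier to review and backport as its own patch. The fix itself matches the message above it: the error reports columns 19-22, which is the four characters of eth0, while the old marker had only three carets and no indentation.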
@@ -2105,7 +2169,7 @@  filter output oif eth0
 			<programlisting>
 &lt;cmdline&gt;:1:28-36: Error: Right hand side of relational expression (==) must be constant
 filter output tcp dport == tcp dport
-~~ ^^^^^^^^^
+                        ~~ ^^^^^^^^^
 			</programlisting>
 		</example>
 
@@ -2124,7 +2188,7 @@  filter output oif wlan0
 		<para>
 			On success, nft exits with a status of 0. Unspecified
 			errors cause it to exit with a status of 1, memory allocation
-			errors with a status of 2.
+			errors with a status of 2, unable to open Netlink socket with 3.
 		</para>
 	</refsect1>
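Review bot: the added clause "unable to open Netlink socket with 3" breaks the parallel structure of the sentence, which otherwise reads "errors ... with a status of N". Suggest "and failure to open the Netlink socket with a status of 3". With four exit statuses now documented (0 through 3), a short list would also be easier to scan for anyone scripting around nft's exit status.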