How can nftables be configured using a declarative specification? I've been reading up on Firewalld, iptables commands, etc. I'm looking for a way to write the rules in JSON, YAML, TOML, etc. and just "apply" them.
I think regular nft syntax is just as declarative as anything else. Just include:
flush ruleset
at the beginning of your rules file, and then:
nft -f ruleset.nft
will configure exactly the rules defined in your ruleset.nft file.
Writing rules in JSON or some other syntax doesn't make them any more declarative (nft does support JSON input and output with the -j option, but you'll need to explicitly flush the ruleset with nft flush ruleset before loading the JSON rules, and you won't have an atomic operation in this case).

larsks
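A complete ruleset.nft in the style the answer describes, added here as a constructed example (not from the answer author): the leading flush ruleset makes the file the whole desired state, so nft -f replaces whatever was loaded before in one atomic transaction. The table name, chain names and the port list are assumptions for illustration.

```nft
#!/usr/sbin/nft -f
# Declarative host firewall: everything below IS the ruleset.
# The flush makes the load idempotent; nft -f applies the file atomically.
flush ruleset

table inet filter {
    # Assumed set of allowed inbound TCP services (illustrative values)
    set tcp_services {
        type inet_service
        elements = { 22, 443 }
    }

    chain input {
        type filter hook input priority filter; policy drop;

        # Keep already-established flows; drop anything the conntrack
        # table flags as invalid before any other rule sees it.
        ct state invalid drop
        ct state established,related accept

        # Local traffic only on the loopback interface.
        iifname "lo" accept

        # Minimal ICMP/ICMPv6 so PMTU discovery and neighbour discovery work.
        ip protocol icmp icmp type { echo-request, destination-unreachable, time-exceeded } accept
        ip6 nexthdr icmpv6 icmpv6 type { echo-request, destination-unreachable, packet-too-big, time-exceeded, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # New inbound connections only to the listed services.
        tcp dport @tcp_services ct state new accept

        # Log a rate-limited sample of what the policy drops.
        limit rate 10/minute log prefix "nft-input-drop: "
    }

    chain forward {
        # This host does not route; drop transit traffic explicitly.
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }
}
```

Run nft -c -f ruleset.nft first: the -c (--check) option parses and validates the file without touching the kernel ruleset, so a syntax error is caught before the flush removes your existing rules.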