
I want to check that the rules were loaded (e.g. that the ruleset in the files is the same as in the kernel). I want to do it without modifying the kernel rules. I can't compare the files and nft list ruleset due to ordering, comments, formatting and so on.

Is there a way to see the difference? Or, maybe, is there a way to make nft 'normalize' the rules to match the format in which the kernel rules are shown?

George Shuklin

1 Answer


You could try using the -j option, which outputs JSON instead of the human-readable output: nft -j list ruleset.

You then only have to compare the two JSON outputs, a task that can be done easily using a tool like jd.

The only issue would be how to convert the ruleset from the file to json.

eltrai
  • 1,043
  • 9
  • 13
  • Yes, that part (of converting config to some convergent machine-readable format) is the main topic for the question. If I can do this, I can do the same for nftables list ruleset. unfortunately, it's still open question – George Shuklin Jul 17 '23 at 07:07