[pkg-netfilter-team] hello nft team > something that can help nft documentation

Scott westlake.cmm at gmail.com
Thu Sep 12 08:39:09 BST 2019


There's the iptables package, with its manpage iptables-translate:
"iptables-save > save.txt
iptables-restore-translate -f save.txt
iptables-restore-translate -f save.txt > ruleset.nft
nft -f ruleset.nft
nft list ruleset
"

^ If I were to follow online guides on how to use things like
nft list chain filter output
or nft list ruleset inet
The new user has no documentation to describe to him or her that, by "default", iptables-translate does the following things:
1) it does not create an inet ruleset
2) the capital chain names are created as a default due to "iptables-translate" preferences, and <<< this is not documented.
^ There is no documentation anywhere informing the user that chain names can be capital, and the user is stuck wondering why their commands are not working.
-> the output of nft is not always clear for syntax -- we can take that as a given,
.. but at least document somewhere even if it is in iptables-translate that the "default" chain names are getting placed into upper case, and that chain names with nft can indeed be capital case letters as well.
It is not hard to add this to documentation and would alleviate a lot of confusion for beginners like myself that have just learned about how nft works.
-- in essence, a mere example added to the manpage of iptables-translate could include something like
nft list chain filter OUTPUT
The user can always edit nft rulesets to have chain names all in lower case, but users like myself are so used to "iptables" as following mandatory rules that chain names are always capitals, .... see that only lower-case chain names are shown in documentation (and there are no capital case chain names in documentation anywhere) -- would just presume that they always need to be using lower case.
This is just not imho straightforward for beginners like myself, who spent an hour or so on something that could be more clear.

thanks
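
Added example, not part of the original message and not code from the iptables or nftables projects: a shell helper that reads `nft list ruleset` output and prints the exact `nft list chain` command for each chain, so the family (ip, not inet) and the upper-case chain names of a translated ruleset are visible. The sample ruleset is constructed, and `sample_ruleset`, `chain_cmds` and `has_chain` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `nft list ruleset` output after loading a ruleset
# produced by iptables-restore-translate (not captured from a real host).
sample_ruleset() {
cat <<'EOF'
table ip filter {
	chain INPUT {
		type filter hook input priority 0; policy accept;
		tcp dport 22 counter accept
	}

	chain FORWARD {
		type filter hook forward priority 0; policy drop;
	}

	chain OUTPUT {
		type filter hook output priority 0; policy accept;
	}
}
EOF
}

# chain_cmds (hypothetical helper): read `nft list ruleset` text on stdin and
# print one `nft list chain FAMILY TABLE CHAIN` command per chain, with the
# family and the chain name copied exactly as nft stores them.
chain_cmds() {
    awk '
        $1 == "table" && $NF == "{" { family = $2; table = $3; next }
        $1 == "chain" && $NF == "{" {
            printf "nft list chain %s %s %s\n", family, table, $2
        }
    '
}

# has_chain (hypothetical helper): exit 0 only if the chain exists with
# exactly this family, table and spelling; nft chain names are case-sensitive.
has_chain() {
    chain_cmds | grep -qxF "nft list chain $1 $2 $3"
}

# Stand-alone run: show the commands that match the sample ruleset.
sample_ruleset | chain_cmds
```

On a live system the same function can be fed real data with `nft list ruleset | chain_cmds` (run as root).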
