Re: Nftables HOWTO documentation updates

[Dennis Jacobfeuerborn <dennisml@conversis.de>]

On 18.02.2014 12:25, Pablo Neira Ayuso wrote:
> Hi,
>
> I have registered a subdomain for nftables that hosts the nftables
> user HOWTO, you can reach it via:
>
>          http://wiki.nftables.org

I checked out the HOWTO and it gives a really nice concise introduction 
to how nftables work. Good work!

After browsing through the pages I have two questions:

Is it possible to comment rules like in iptables? Comments in iptables 
made it really easy to manage rules on a logical level i.e. I could 
define rule "types" by adding a special comment like "TYPE:X" and then 
use that to grep for these rules to batch-remove them or retrieve the 
counter values. It would be nice to be able to tag rules like this.

How do I insert multiple rules? The insertion example show the addition 
of a single rule after a known handle but what if I want to add a second 
rule after that? As far as I can tell from the example the add rule 
command does not return the handle of the inserted rule so I have no 
idea where to insert the second rule. Even if the command returned the 
handle it would still require scripting to add multiple consecutive 
rules so there should be a way to specify to add a list of rules 
(atomically?) after a given handle.

Not sure if these features are not available or just not documented yet 
but I'm approaching this by thinking about the use-cases I encounter and 
looking at how I would implement these using nftables instead of iptables.

Regards,
   Dennis