* nft bash completion
@ 2026-01-27 3:26 Mathieu Patenaude
2026-01-30 16:01 ` Phil Sutter
0 siblings, 1 reply; 5+ messages in thread
From: Mathieu Patenaude @ 2026-01-27 3:26 UTC (permalink / raw)
To: netfilter-devel
Hi,
Just inquiring to see if there is any interest in adding nft bash
completion to the nftables project tree? I only found a reference to
it dating back to 2016 (patchwork RFC), but I'm unclear if this was
ever merged or if I'm just looking in the wrong place.
I wrote something that works:
https://github.com/mpatenaude/bash-nft-completion/blob/main/nft
Let me know if that can be helpful.
Cheers!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: nft bash completion
2026-01-27 3:26 nft bash completion Mathieu Patenaude
@ 2026-01-30 16:01 ` Phil Sutter
2026-01-30 18:26 ` Mathieu Patenaude
0 siblings, 1 reply; 5+ messages in thread
From: Phil Sutter @ 2026-01-30 16:01 UTC (permalink / raw)
To: Mathieu Patenaude; +Cc: netfilter-devel
Hi Mathieu,
On Mon, Jan 26, 2026 at 10:26:16PM -0500, Mathieu Patenaude wrote:
> Just inquiring to see if there is any interest in adding nft bash
> completion to the nftables project tree? I only found a reference to
> it dating back to 2016 (patchwork RFC), but I'm unclear if this was
> ever merged or if I'm just looking in the wrong place.
AFAIK nothing exists yet.
> I wrote something that works:
> https://github.com/mpatenaude/bash-nft-completion/blob/main/nft
>
> Let me know if that can be helpful.
Just to clarify:
| # - Provides completions up to the start of a statement (until a '{' is needed).
So this does not complete statements/expressions when adding a rule, and
completing the initial part is limited since it can't find out which
ruleset elements exist already unless sudo does not require a password.
Is the latter a requirement for the former? I.e., could it continue to
complete something like 'nft add rule t c ip ' despite it does not know
what "t" or "c" is supposed to be?
Cheers, Phil
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: nft bash completion
2026-01-30 16:01 ` Phil Sutter
@ 2026-01-30 18:26 ` Mathieu Patenaude
2026-02-03 0:19 ` Pablo Neira Ayuso
0 siblings, 1 reply; 5+ messages in thread
From: Mathieu Patenaude @ 2026-01-30 18:26 UTC (permalink / raw)
To: Phil Sutter, Mathieu Patenaude, netfilter-devel
Hi Phil,
Thanks for looking into this, hopefully it's a small break from the
complex nftables c code ;-)
The current code gets you up to the point where you need to define the
"object" specifics. At the shell, the problem I see is the escaping
of special characters ( { } ; ) and basically not wanting to reproduce
the entire nft parser in bash.
I can be very wrong on this, my observation is that most users define
things using a file (or file "like" or automation) method and mostly
use shell command line to do "simpler" things. I guess if we wanted
to auto complete everything at the shell without having to maintain
the equivalent of the nft option parser in bash, the autocomplete
would need to be in the nft command itself, i.e. it would be great if
the "nft --interactive" mode had auto-completion, we could somehow
find an efficient way to leverage it from bash, removing most of the
need for the Bash'i'ism ;-) But then again, there is the "escaping
special characters" fun part.
I realize I posted a link to the nft completion itself, but I had a
note about sudo at the "project" (two files!) level here
https://github.com/mpatenaude/bash-nft-completion/tree/main
The use of sudo / root is required for viewing the current ruleset, so
as soon as you need to auto complete an actual "object name", yes root
privileges are needed. The no password OR cached sudo creds (via sudo
-v) is a requirement of the former, otherwise it would make the "auto
completion" pretty awkward, like, a [tab] "enter your password", each
time you need to get a list of defined "objects".
For my use, this was initially put together for the "list" command so
it allowed the completion of the top most objects, like table, set,
chain, names. I based the current version on this "spec", not very
technical, but from the man page:
https://github.com/mpatenaude/bash-nft-completion/blob/main/positional-args-schema.txt.
Just to be sure I explain this correctly, for example: nft list set
<family> <table> <set> will go like this:
# Prerequisites: cache the sudo credential if you don't have sudo
configured for NOPASSWD for the /usr/sbin/nft command, or just become
root...
[mathp@dev01 /]$ sudo -v
[sudo] password for mathp:
# Lists all top level options
[mathp@dev01 /]$ nft
-v --handle --numeric --file
delete
-V -s -y -D
create
--version --stateless --numeric-priority --define
get
-h -t -p -I
replace
--help --terse --numeric-protocol
--includepath rename
-i -S -T -d
monitor
--interactive --service --numeric-time --debug
list
-c -N -e reset
insert
--check --reversedns --echo destroy
-o -u -j flush
--optimize --guid --json add
-a -n -f describe
# once you start the positional options (ex. list) it no longer
propose -/--flags, will also only propose what can be "listed" or
"added", etc.
# If you start typing f[tab] it does auto-complete until "flowtable"
and propose flowtable and flowtables for example.
[mathp@dev01 /]$ nft --handle list
chain flowtable quota table flowtables maps tables
counter limit ruleset chains hooks quotas
ct map set counters limits sets
# This is where the auto completion is opinionated, it currently
requires that you select the family, if you skip it, then it stops
proposing completion
[mathp@dev01 /]$ nft --handle list set
arp bridge inet ip ip6 netdev
# This is where "root" (sudo) is required, to list the actual table
names and propose them
[mathp@dev01 /]$ sudo nft --handle list set inet
firewalld systemd_cgroups_isolation
# Sudo required to propose the defined set names for auto complete:
[mathp@dev01 /]$ sudo nft --handle list set inet systemd_cgroups_isolation
inbound_only_cgroups test_set
# Auto complete the set name.
[mathp@dev01 /]$ sudo nft --handle list set inet
systemd_cgroups_isolation inbound_only_cgroups
table inet systemd_cgroups_isolation {
set inbound_only_cgroups { # handle 4
type cgroupsv2
elements = { 48026 }
}
}
# Adding a set for example, auto completion "propose stuff" until
"test_set" is entered.
[mathp@dev01 /]$ sudo nft add set inet systemd_cgroups_isolation
test_set '{ type ipv4_addr; }'
# lots of chains, yes it helps auto complete any one of those names ;-)
[mathp@dev01 /]$ nft list chain inet firewalld
Display all 117 possibilities? (y or n)
[mathp@dev01 /]$ nft list chain inet firewalld mangle_PRE
mangle_PREROUTING mangle_PRE_acme_log
mangle_PREROUTING_POLICIES mangle_PRE_acme_deny
mangle_PRE_drop mangle_PRE_acme_allow
mangle_PRE_drop_pre mangle_PRE_acme_post
mangle_PRE_drop_log mangle_PRE_policy_allow-host-ipv6
mangle_PRE_drop_deny mangle_PRE_policy_allow-host-ipv6_pre
mangle_PRE_drop_allow mangle_PRE_policy_allow-host-ipv6_log
mangle_PRE_drop_post mangle_PRE_policy_allow-host-ipv6_deny
mangle_PRE_acme mangle_PRE_policy_allow-host-ipv6_allow
mangle_PRE_acme_pre mangle_PRE_policy_allow-host-ipv6_post
Best,
Math.
On Fri, Jan 30, 2026 at 11:01 AM Phil Sutter <phil@nwl.cc> wrote:
>
> Hi Mathieu,
>
> On Mon, Jan 26, 2026 at 10:26:16PM -0500, Mathieu Patenaude wrote:
> > Just inquiring to see if there is any interest in adding nft bash
> > completion to the nftables project tree? I only found a reference to
> > it dating back to 2016 (patchwork RFC), but I'm unclear if this was
> > ever merged or if I'm just looking in the wrong place.
>
> AFAIK nothing exists yet.
>
> > I wrote something that works:
> > https://github.com/mpatenaude/bash-nft-completion/blob/main/nft
> >
> > Let me know if that can be helpful.
>
> Just to clarify:
>
> | # - Provides completions up to the start of a statement (until a '{' is needed).
>
> So this does not complete statements/expressions when adding a rule, and
> completing the initial part is limited since it can't find out which
> ruleset elements exist already unless sudo does not require a password.
>
> Is the latter a requirement for the former? I.e., could it continue to
> complete something like 'nft add rule t c ip ' despite it does not know
> what "t" or "c" is supposed to be?
>
> Cheers, Phil
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: nft bash completion
2026-01-30 18:26 ` Mathieu Patenaude
@ 2026-02-03 0:19 ` Pablo Neira Ayuso
2026-02-03 17:26 ` Mathieu Patenaude
0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2026-02-03 0:19 UTC (permalink / raw)
To: Mathieu Patenaude; +Cc: Phil Sutter, netfilter-devel
Hi,
On Fri, Jan 30, 2026 at 01:26:43PM -0500, Mathieu Patenaude wrote:
> Hi Phil,
>
> Thanks for looking into this, hopefully it's a small break from the
> complex nftables c code ;-)
... interfering in this discussion.
> The current code gets you up to the point where you need to define the
> "object" specifics. At the shell, the problem I see is the escaping
> of special characters ( { } ; ) and basically not wanting to reproduce
> the entire nft parser in bash.
>
> I can be very wrong on this, my observation is that most users define
> things using a file (or file "like" or automation) method and mostly
> use shell command line to do "simpler" things. I guess if we wanted
> to auto complete everything at the shell without having to maintain
> the equivalent of the nft option parser in bash, the autocomplete
> would need to be in the nft command itself, i.e. it would be great
> if the "nft --interactive" mode had auto-completion, we could
> somehow find an efficient way to leverage it from bash, removing
> most of the need for the Bash'i'ism ;-)
It would be really good to have this consolidated, then expose a new
option that tells what is possible from an incomplete command.
> But then again, there is the "escaping special characters" fun part.
What is the issue specifically? Would providing some context to the
autocomplete feature help? ie. "autocomplete, but this is bash". Or,
are you already seeing scenarios in which this approach will lead to
ambiguous autocomplete results that are difficult to address?
Or is it just the complexity associate to dealing with the bison
parser, I understand consolidated approach is harder.
> I realize I posted a link to the nft completion itself, but I had a
> note about sudo at the "project" (two files!) level here
> https://github.com/mpatenaude/bash-nft-completion/tree/main
But short term / easier approach that can be replaced by the
consolidated autocompletion in nft later on should also be fine, which
is what I think you're proposing: a script. Given such script can be
simplified later on once the nft consolidated autocompletion is
available.
Are you planning to explore adding support for more complex stuff such
as concatenations and maps?
> The use of sudo / root is required for viewing the current ruleset, so
> as soon as you need to auto complete an actual "object name", yes root
> privileges are needed. The no password OR cached sudo creds (via sudo
> -v) is a requirement of the former, otherwise it would make the "auto
> completion" pretty awkward, like, a [tab] "enter your password", each
> time you need to get a list of defined "objects".
>
> For my use, this was initially put together for the "list" command so
> it allowed the completion of the top most objects, like table, set,
> chain, names. I based the current version on this "spec", not very
> technical, but from the man page:
> https://github.com/mpatenaude/bash-nft-completion/blob/main/positional-args-schema.txt.
>
> Just to be sure I explain this correctly, for example: nft list set
> <family> <table> <set> will go like this:
>
> # Prerequisites: cache the sudo credential if you don't have sudo
> configured for NOPASSWD for the /usr/sbin/nft command, or just become
> root...
> [mathp@dev01 /]$ sudo -v
> [sudo] password for mathp:
>
> # Lists all top level options
> [mathp@dev01 /]$ nft
> -v --handle --numeric --file
> delete
> -V -s -y -D
> create
> --version --stateless --numeric-priority --define
> get
> -h -t -p -I
> replace
> --help --terse --numeric-protocol
> --includepath rename
> -i -S -T -d
> monitor
> --interactive --service --numeric-time --debug
> list
> -c -N -e reset
> insert
> --check --reversedns --echo destroy
> -o -u -j flush
> --optimize --guid --json add
> -a -n -f describe
>
> # once you start the positional options (ex. list) it no longer
> propose -/--flags, will also only propose what can be "listed" or
> "added", etc.
> # If you start typing f[tab] it does auto-complete until "flowtable"
> and propose flowtable and flowtables for example.
> [mathp@dev01 /]$ nft --handle list
> chain flowtable quota table flowtables maps tables
> counter limit ruleset chains hooks quotas
> ct map set counters limits sets
>
> # This is where the auto completion is opinionated, it currently
> requires that you select the family, if you skip it, then it stops
> proposing completion
> [mathp@dev01 /]$ nft --handle list set
> arp bridge inet ip ip6 netdev
>
> # This is where "root" (sudo) is required, to list the actual table
> names and propose them
> [mathp@dev01 /]$ sudo nft --handle list set inet
> firewalld systemd_cgroups_isolation
>
> # Sudo required to propose the defined set names for auto complete:
> [mathp@dev01 /]$ sudo nft --handle list set inet systemd_cgroups_isolation
> inbound_only_cgroups test_set
>
> # Auto complete the set name.
> [mathp@dev01 /]$ sudo nft --handle list set inet
> systemd_cgroups_isolation inbound_only_cgroups
> table inet systemd_cgroups_isolation {
> set inbound_only_cgroups { # handle 4
> type cgroupsv2
> elements = { 48026 }
> }
> }
>
> # Adding a set for example, auto completion "propose stuff" until
> "test_set" is entered.
> [mathp@dev01 /]$ sudo nft add set inet systemd_cgroups_isolation
> test_set '{ type ipv4_addr; }'
>
> # lots of chains, yes it helps auto complete any one of those names ;-)
> [mathp@dev01 /]$ nft list chain inet firewalld
> Display all 117 possibilities? (y or n)
>
> [mathp@dev01 /]$ nft list chain inet firewalld mangle_PRE
> mangle_PREROUTING mangle_PRE_acme_log
> mangle_PREROUTING_POLICIES mangle_PRE_acme_deny
> mangle_PRE_drop mangle_PRE_acme_allow
> mangle_PRE_drop_pre mangle_PRE_acme_post
> mangle_PRE_drop_log mangle_PRE_policy_allow-host-ipv6
> mangle_PRE_drop_deny mangle_PRE_policy_allow-host-ipv6_pre
> mangle_PRE_drop_allow mangle_PRE_policy_allow-host-ipv6_log
> mangle_PRE_drop_post mangle_PRE_policy_allow-host-ipv6_deny
> mangle_PRE_acme mangle_PRE_policy_allow-host-ipv6_allow
> mangle_PRE_acme_pre mangle_PRE_policy_allow-host-ipv6_post
>
> Best,
> Math.
>
>
> On Fri, Jan 30, 2026 at 11:01 AM Phil Sutter <phil@nwl.cc> wrote:
> >
> > Hi Mathieu,
> >
> > On Mon, Jan 26, 2026 at 10:26:16PM -0500, Mathieu Patenaude wrote:
> > > Just inquiring to see if there is any interest in adding nft bash
> > > completion to the nftables project tree? I only found a reference to
> > > it dating back to 2016 (patchwork RFC), but I'm unclear if this was
> > > ever merged or if I'm just looking in the wrong place.
> >
> > AFAIK nothing exists yet.
> >
> > > I wrote something that works:
> > > https://github.com/mpatenaude/bash-nft-completion/blob/main/nft
> > >
> > > Let me know if that can be helpful.
> >
> > Just to clarify:
> >
> > | # - Provides completions up to the start of a statement (until a '{' is needed).
> >
> > So this does not complete statements/expressions when adding a rule, and
> > completing the initial part is limited since it can't find out which
> > ruleset elements exist already unless sudo does not require a password.
> >
> > Is the latter a requirement for the former? I.e., could it continue to
> > complete something like 'nft add rule t c ip ' despite it does not know
> > what "t" or "c" is supposed to be?
> >
> > Cheers, Phil
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: nft bash completion
2026-02-03 0:19 ` Pablo Neira Ayuso
@ 2026-02-03 17:26 ` Mathieu Patenaude
0 siblings, 0 replies; 5+ messages in thread
From: Mathieu Patenaude @ 2026-02-03 17:26 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Phil Sutter, netfilter-devel
Hi Pablo,
Like you said, the script I wrote gets part of the job done, it at
least takes care of the completion of the -*/--* options and the
defined object names like set, chain, map, flowtable, counter, quota,
limit, ct helper, ct expectation, ct timeout. It currently completes
these names in basic operations like "list" or "add", but not when
used within the definition of a rule, i.e. @set_name for example. I
just thought it would be a good starting point.
The current version of the script is based on the position of the
parameters. That said, if we wanted to auto-complete every @set_name
(regardless of the rule syntax correctness), that would be easy to
implement. But to auto complete a "named limit", like in: 'limit name
"my_limit_name" log prefix ...' that would probably mean understanding
what comes after "limit name". I haven't looked at this issue beyond
what is currently implemented in the script.
1. Sudo / root. Question: are there any plans to add the "table name"
as an argument to most plurals, so when you type "nft list limits
inet", you could write "nft list limits inet test_table" to get the
limit defined only in the test_table? That would remove the need for
sudo in https://github.com/mpatenaude/bash-nft-completion/blob/main/nft#L14
and make this much cleaner.
2. For the command line "escaping", here are two examples of the same results:
nft add table inet test_table { limit global_log_limit { rate 1/second \; } \; }
or
nft add table inet test_table '{ limit global_log_limit { rate 1/second ; } ; }'
Since we're talking about autocompleting, should it suggest the
closing ";" if so is it best to escape it, or what if the user escapes
the entire "definition", like in the second example above? Should it
even suggest the starting {, since the command is also valid if it
stops after the table_name? etc.
3. In my environment, rule changes are versioned and deployed by
automation. If deployed manually, they are still versioned (in git)
so we can keep track of what was done when. The only time an admin
actually use nft live at the command prompt is to test new rules and
debug, mostly ending up just listing stuff, counters, etc. Very
rarely typing an entire rule and even less expecting every rule syntax
element to auto complete.
4. traditionally bash completions implemented in "scripts" like this
one always become out-of-sync with the command they are completing.
Having the script collocated with the command project is the best
approach, but still poses a maintenance burden. It is up to the
project committer to decide the level of complexity they want into the
"script" vs allocating time to replace it with something integrated
into the command itself.
For full coverage, having the completion integrated in the nftables
command itself would be ideal, but it's been 30+ years since I've
coded in C, so I'll leave this to the experts! ;-)
Cheers!
Math.
On Mon, Feb 2, 2026 at 7:19 PM Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> Hi,
>
> On Fri, Jan 30, 2026 at 01:26:43PM -0500, Mathieu Patenaude wrote:
> > Hi Phil,
> >
> > Thanks for looking into this, hopefully it's a small break from the
> > complex nftables c code ;-)
>
> ... interfering in this discussion.
>
> > The current code gets you up to the point where you need to define the
> > "object" specifics. At the shell, the problem I see is the escaping
> > of special characters ( { } ; ) and basically not wanting to reproduce
> > the entire nft parser in bash.
> >
> > I can be very wrong on this, my observation is that most users define
> > things using a file (or file "like" or automation) method and mostly
> > use shell command line to do "simpler" things. I guess if we wanted
> > to auto complete everything at the shell without having to maintain
> > the equivalent of the nft option parser in bash, the autocomplete
> > would need to be in the nft command itself, i.e. it would be great
> > if the "nft --interactive" mode had auto-completion, we could
> > somehow find an efficient way to leverage it from bash, removing
> > most of the need for the Bash'i'ism ;-)
>
> It would be really good to have this consolidated, then expose a new
> option that tells what is possible from an incomplete command.
>
> > But then again, there is the "escaping special characters" fun part.
>
> What is the issue specifically? Would providing some context to the
> autocomplete feature help? ie. "autocomplete, but this is bash". Or,
> are you already seeing scenarios in which this approach will lead to
> ambiguous autocomplete results that are difficult to address?
>
> Or is it just the complexity associate to dealing with the bison
> parser, I understand consolidated approach is harder.
>
> > I realize I posted a link to the nft completion itself, but I had a
> > note about sudo at the "project" (two files!) level here
> > https://github.com/mpatenaude/bash-nft-completion/tree/main
>
> But short term / easier approach that can be replaced by the
> consolidated autocompletion in nft later on should also be fine, which
> is what I think you're proposing: a script. Given such script can be
> simplified later on once the nft consolidated autocompletion is
> available.
>
> Are you planning to explore adding support for more complex stuff such
> as concatenations and maps?
>
> > The use of sudo / root is required for viewing the current ruleset, so
> > as soon as you need to auto complete an actual "object name", yes root
> > privileges are needed. The no password OR cached sudo creds (via sudo
> > -v) is a requirement of the former, otherwise it would make the "auto
> > completion" pretty awkward, like, a [tab] "enter your password", each
> > time you need to get a list of defined "objects".
> >
> > For my use, this was initially put together for the "list" command so
> > it allowed the completion of the top most objects, like table, set,
> > chain, names. I based the current version on this "spec", not very
> > technical, but from the man page:
> > https://github.com/mpatenaude/bash-nft-completion/blob/main/positional-args-schema.txt.
> >
> > Just to be sure I explain this correctly, for example: nft list set
> > <family> <table> <set> will go like this:
> >
> > # Prerequisites: cache the sudo credential if you don't have sudo
> > configured for NOPASSWD for the /usr/sbin/nft command, or just become
> > root...
> > [mathp@dev01 /]$ sudo -v
> > [sudo] password for mathp:
> >
> > # Lists all top level options
> > [mathp@dev01 /]$ nft
> > -v --handle --numeric --file
> > delete
> > -V -s -y -D
> > create
> > --version --stateless --numeric-priority --define
> > get
> > -h -t -p -I
> > replace
> > --help --terse --numeric-protocol
> > --includepath rename
> > -i -S -T -d
> > monitor
> > --interactive --service --numeric-time --debug
> > list
> > -c -N -e reset
> > insert
> > --check --reversedns --echo destroy
> > -o -u -j flush
> > --optimize --guid --json add
> > -a -n -f describe
> >
> > # once you start the positional options (ex. list) it no longer
> > propose -/--flags, will also only propose what can be "listed" or
> > "added", etc.
> > # If you start typing f[tab] it does auto-complete until "flowtable"
> > and propose flowtable and flowtables for example.
> > [mathp@dev01 /]$ nft --handle list
> > chain flowtable quota table flowtables maps tables
> > counter limit ruleset chains hooks quotas
> > ct map set counters limits sets
> >
> > # This is where the auto completion is opinionated, it currently
> > requires that you select the family, if you skip it, then it stops
> > proposing completion
> > [mathp@dev01 /]$ nft --handle list set
> > arp bridge inet ip ip6 netdev
> >
> > # This is where "root" (sudo) is required, to list the actual table
> > names and propose them
> > [mathp@dev01 /]$ sudo nft --handle list set inet
> > firewalld systemd_cgroups_isolation
> >
> > # Sudo required to propose the defined set names for auto complete:
> > [mathp@dev01 /]$ sudo nft --handle list set inet systemd_cgroups_isolation
> > inbound_only_cgroups test_set
> >
> > # Auto complete the set name.
> > [mathp@dev01 /]$ sudo nft --handle list set inet
> > systemd_cgroups_isolation inbound_only_cgroups
> > table inet systemd_cgroups_isolation {
> > set inbound_only_cgroups { # handle 4
> > type cgroupsv2
> > elements = { 48026 }
> > }
> > }
> >
> > # Adding a set for example, auto completion "propose stuff" until
> > "test_set" is entered.
> > [mathp@dev01 /]$ sudo nft add set inet systemd_cgroups_isolation
> > test_set '{ type ipv4_addr; }'
> >
> > # lots of chains, yes it helps auto complete any one of those names ;-)
> > [mathp@dev01 /]$ nft list chain inet firewalld
> > Display all 117 possibilities? (y or n)
> >
> > [mathp@dev01 /]$ nft list chain inet firewalld mangle_PRE
> > mangle_PREROUTING mangle_PRE_acme_log
> > mangle_PREROUTING_POLICIES mangle_PRE_acme_deny
> > mangle_PRE_drop mangle_PRE_acme_allow
> > mangle_PRE_drop_pre mangle_PRE_acme_post
> > mangle_PRE_drop_log mangle_PRE_policy_allow-host-ipv6
> > mangle_PRE_drop_deny mangle_PRE_policy_allow-host-ipv6_pre
> > mangle_PRE_drop_allow mangle_PRE_policy_allow-host-ipv6_log
> > mangle_PRE_drop_post mangle_PRE_policy_allow-host-ipv6_deny
> > mangle_PRE_acme mangle_PRE_policy_allow-host-ipv6_allow
> > mangle_PRE_acme_pre mangle_PRE_policy_allow-host-ipv6_post
> >
> > Best,
> > Math.
> >
> >
> > On Fri, Jan 30, 2026 at 11:01 AM Phil Sutter <phil@nwl.cc> wrote:
> > >
> > > Hi Mathieu,
> > >
> > > On Mon, Jan 26, 2026 at 10:26:16PM -0500, Mathieu Patenaude wrote:
> > > > Just inquiring to see if there is any interest in adding nft bash
> > > > completion to the nftables project tree? I only found a reference to
> > > > it dating back to 2016 (patchwork RFC), but I'm unclear if this was
> > > > ever merged or if I'm just looking in the wrong place.
> > >
> > > AFAIK nothing exists yet.
> > >
> > > > I wrote something that works:
> > > > https://github.com/mpatenaude/bash-nft-completion/blob/main/nft
> > > >
> > > > Let me know if that can be helpful.
> > >
> > > Just to clarify:
> > >
> > > | # - Provides completions up to the start of a statement (until a '{' is needed).
> > >
> > > So this does not complete statements/expressions when adding a rule, and
> > > completing the initial part is limited since it can't find out which
> > > ruleset elements exist already unless sudo does not require a password.
> > >
> > > Is the latter a requirement for the former? I.e., could it continue to
> > > complete something like 'nft add rule t c ip ' despite it does not know
> > > what "t" or "c" is supposed to be?
> > >
> > > Cheers, Phil
> >
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-02-03 17:26 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-27 3:26 nft bash completion Mathieu Patenaude
2026-01-30 16:01 ` Phil Sutter
2026-01-30 18:26 ` Mathieu Patenaude
2026-02-03 0:19 ` Pablo Neira Ayuso
2026-02-03 17:26 ` Mathieu Patenaude
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.