* [nft PATCH] doc: update documentation with 'monitor' and 'export'
@ 2014-08-04 8:29 Arturo Borrero Gonzalez
0 siblings, 0 replies; only message in thread
From: Arturo Borrero Gonzalez @ 2014-08-04 8:29 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
Let's add info about 'monitor' and 'export'.
While at it, fix other minors things, like the no-netlink return code and
indentations of the document.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
doc/nft.xml | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 67 insertions(+), 3 deletions(-)
diff --git a/doc/nft.xml b/doc/nft.xml
index 702891c..41c0840 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -2080,6 +2080,70 @@ filter input iif eth0 drop
</refsect1>
<refsect1>
+ <title>Additional commands</title>
+ <para>
+ These are some additional commands included in nft.
+ </para>
+ <refsect2>
+ <title>export</title>
+ <para>
+ Export your current ruleset in XML or JSON format to stdout.
+ </para>
+ <para>
+ Examples:
+ <programlisting>
+% nft export xml
+[...]
+% nft export json
+[...]
+ </programlisting>
+ </para>
+ </refsect2>
+ <refsect2>
+ <title>monitor</title>
+ <para>
+ The monitor command allows you to listen to Netlink events produced
+ by the nf_tables subsystem, related to creation and deletion of objects.
+ When they ocurr, nft will print to stdout the monitored events in either
+ XML, JSON or native nft format.
+ </para>
+ <para>
+ To filter events related to a concrete object, use one of the keywords 'tables', 'chains', 'sets', 'rules', 'elements'.
+ </para>
+ <para>
+ To filter events related to a concrete action, use keyword 'new' or 'destroy'.
+ </para>
+ <para>
+ Hit ^C to finish the monitor operation.
+ </para>
+ <example>
+ <title>Listen to all events, report in native nft format</title>
+ <programlisting>
+% nft monitor
+ </programlisting>
+ </example>
+ <example>
+ <title>Listen to added tables, report in XML format</title>
+ <programlisting>
+% nft monitor new tables xml
+ </programlisting>
+ </example>
+ <example>
+ <title>Listen to deleted rules, report in JSON format</title>
+ <programlisting>
+% nft monitor destroy rules json
+ </programlisting>
+ </example>
+ <example>
+ <title>Listen to both new and destroyed chains, in native nft format</title>
+ <programlisting>
+% nft monitor chains
+ </programlisting>
+ </example>
+ </refsect2>
+ </refsect1>
+
+ <refsect1>
<title>Error reporting</title>
<para>
When an error is detected, nft shows the line(s) containing the error, the position
@@ -2097,7 +2161,7 @@ filter input iif eth0 drop
<programlisting>
<cmdline>:1:19-22: Error: Interface does not exist
filter output oif eth0
-^^^
+ ^^^^
</programlisting>
</example>
<example>
@@ -2105,7 +2169,7 @@ filter output oif eth0
<programlisting>
<cmdline>:1:28-36: Error: Right hand side of relational expression (==) must be constant
filter output tcp dport == tcp dport
-~~ ^^^^^^^^^
+ ~~ ^^^^^^^^^
</programlisting>
</example>
@@ -2124,7 +2188,7 @@ filter output oif wlan0
<para>
On success, nft exits with a status of 0. Unspecified
errors cause it to exit with a status of 1, memory allocation
- errors with a status of 2.
+ errors with a status of 2, unable to open Netlink socket with 3.
</para>
</refsect1>
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2014-08-04 8:29 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-04 8:29 [nft PATCH] doc: update documentation with 'monitor' and 'export' Arturo Borrero Gonzalez
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).