Module: NFT

Extended by:
Ctx
Defined in:
lib/nft.rb,
lib/nft/ctx.rb,
lib/nft/library.rb,
lib/nft/version.rb,
lib/nft/misc/file_descriptor.rb

Overview

The NFT module is a foreign function interface (FFI) binding for libnftables, the high-level userspace library of the netfilter nftables framework.

It provides a single run method to execute nftables commands. For valid commands see the nftables(8) manpage and the nftables wiki.

Defined Under Namespace

Modules: Ctx, FileDescriptor, Library

Constant Summary

VERSION =
'1.000'

Class Attribute Summary

Class Method Summary

Class Attribute Details

.debug ⇒ Object

Enable and control debugging output.

The value is a bitmask of the NFT_DEBUG_* flags described in the libnftables(3) manpage, exposed as constants under NFT::Library. Debug output is printed to stderr.

NFT.debug = NFT::Library::NFT_DEBUG_SCANNER | NFT::Library::NFT_DEBUG_PARSER


# File 'lib/nft.rb', line 25

def debug
  @debug
end

Class Method Details

.run(cmd) ⇒ Object

Run the given nftables command.

The method returns an array of hashes, one per line of JSON output, if the command produces any output, or an empty array otherwise. On execution failure (a non-zero return code from libnftables) it raises a RuntimeError whose message is the captured stderr text.

NFT.run('list ruleset')


# File 'lib/nft.rb', line 35

def run(cmd)
  begin
    ctx_create                      # allocate the libnftables context (Ctx helper)
    rc = 0
    # Execute the command inside the context, capturing its stdout and stderr.
    stdout, stderror = ctx_run { rc = NFT::Library.nft_run_cmd_from_buffer(@ctx, cmd) }
  ensure
    ctx_free                        # always release the context, even if the command failed
  end
  # A non-zero return code means libnftables rejected the command; surface its stderr text.
  raise stderror unless rc.zero?

  return [] if stdout.nil? || stdout.empty?

  stdout = ctx_debug!(stdout)       # post-process the captured output (Ctx helper)
  # Every non-empty output line is a JSON document; parse each into a hash.
  stdout.split("\n").map(&:strip).reject(&:empty?).map { |line| JSON.parse(line) }
end
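The contract above (array of hashes on success, [] when there is no output, RuntimeError carrying libnftables' stderr on failure) is enough to build a small ruleset audit on top of it. The following is an added example, not code from the NFT library: the NftAudit module and its method names are hypothetical, the ruleset object layout is taken from libnftables-json(5) (the page only shows that run parses each output line as JSON, so the listing is assumed to be in that JSON form), and SAMPLE_LISTING is a constructed stand-in for what NFT.run('list ruleset') would return on a host. The audit takes any callable with NFT.run's signature so it can be exercised without libnftables or root; in production you would pass NFT.method(:run).

```ruby
require 'json'

# Hypothetical audit helpers (not part of the NFT library) built on the
# NFT.run contract: an array of hashes, one per JSON output line, on success;
# [] when the command produced no output; a RuntimeError carrying libnftables'
# stderr text on failure.
module NftAudit
  module_function

  # Collect every nftables object of one kind ("table", "chain", "rule", ...)
  # from a `list ruleset` result, following the libnftables-json(5) layout
  # { "nftables": [ { "metainfo": {...} }, { "chain": {...} }, ... ] }.
  def objects(listing, kind)
    listing.flat_map { |doc| Array(doc['nftables']) }
           .select { |obj| obj.key?(kind) }
           .map { |obj| obj[kind] }
  end

  # Base chains are the ones attached to a netfilter hook; only they carry
  # a default policy, so only they matter for a default-deny check.
  def base_chains(listing)
    objects(listing, 'chain').select { |c| c.key?('hook') }
  end

  # Check: every base chain on the input and forward hooks should have
  # policy drop. Returns "family/table/chain" for each one that does not.
  def permissive_chains(listing)
    base_chains(listing)
      .select { |c| %w[input forward].include?(c['hook']) && c['policy'] != 'drop' }
      .map { |c| "#{c['family']}/#{c['table']}/#{c['name']}" }
  end

  # Does +chain+ contain a rule matching "tcp dport <port>" with an accept verdict?
  # Confirms an expected allow rule (e.g. SSH) exists before a policy is flipped to drop.
  def tcp_dport_accepts?(listing, chain:, port:)
    objects(listing, 'rule').any? do |r|
      next false unless r['chain'] == chain

      exprs = Array(r['expr'])
      port_match = exprs.any? do |e|
        m = e['match']
        m && m['op'] == '==' &&
          m.dig('left', 'payload', 'protocol') == 'tcp' &&
          m.dig('left', 'payload', 'field') == 'dport' &&
          m['right'] == port
      end
      port_match && exprs.any? { |e| e.key?('accept') }
    end
  end

  # Run the audit through any callable with NFT.run's contract. In production
  # pass NFT.method(:run); tests pass a stub so no libnftables or root is needed.
  # Failures are returned, not raised, so a caller can report them.
  def audit(runner)
    listing = runner.call('list ruleset')
    return { ok: false, error: 'no ruleset loaded' } if listing.empty?

    { ok: true,
      permissive: permissive_chains(listing),
      ssh_allowed: tcp_dport_accepts?(listing, chain: 'input', port: 22) }
  rescue RuntimeError => e # NFT.run raises libnftables' stderr text on failure
    { ok: false, error: e.message }
  end
end

# Constructed sample of what NFT.run('list ruleset') returns after JSON parsing
# (one hash per output line): an inet/filter table whose input chain is still
# default-accept, a forward chain already at drop, an auxiliary chain with no hook,
# and a single "tcp dport 22 accept" rule on input. Not captured from a real host.
SAMPLE_LISTING = [
  { 'nftables' => [
    { 'metainfo' => { 'json_schema_version' => 1 } },
    { 'table' => { 'family' => 'inet', 'name' => 'filter', 'handle' => 1 } },
    { 'chain' => { 'family' => 'inet', 'table' => 'filter', 'name' => 'input', 'handle' => 1,
                   'type' => 'filter', 'hook' => 'input', 'prio' => 0, 'policy' => 'accept' } },
    { 'chain' => { 'family' => 'inet', 'table' => 'filter', 'name' => 'forward', 'handle' => 2,
                   'type' => 'filter', 'hook' => 'forward', 'prio' => 0, 'policy' => 'drop' } },
    { 'chain' => { 'family' => 'inet', 'table' => 'filter', 'name' => 'aux', 'handle' => 3 } },
    { 'rule' => { 'family' => 'inet', 'table' => 'filter', 'chain' => 'input', 'handle' => 4,
                  'expr' => [
                    { 'match' => { 'op' => '==',
                                   'left' => { 'payload' => { 'protocol' => 'tcp', 'field' => 'dport' } },
                                   'right' => 22 } },
                    { 'accept' => nil }
                  ] } }
  ] }
].freeze

p NftAudit.audit(->(_cmd) { SAMPLE_LISTING })
```

On the constructed sample the audit reports the input chain as permissive while confirming the SSH allow rule is present, which is exactly the state in which it is safe to run NFT.run('add chain inet filter input { policy drop; }') next; with an empty listing or a failing command it returns an error hash instead of raising, so a caller can log the libnftables message without losing the ensure-based context cleanup that run already performs.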