Rule deletion by description
This patch introduces rule deletion by description, in a similar fashion to iptables: the first rule in the chain that matches the given description is deleted. For example:
$ nft list -a ruleset
table ip t {
        chain c {
                ip saddr 1.1.1.1 counter packets 0 bytes 0 # handle 1
                ip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 2
                ip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 3
                ip saddr 1.1.1.4 counter packets 0 bytes 0 # handle 4
        }
}
$ nft delete rule table chain ip saddr 1.1.1.2 counter
$ nft list -a ruleset
table ip t {
        chain c {
                ip saddr 1.1.1.1 counter packets 0 bytes 0 # handle 1
                ip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 3
                ip saddr 1.1.1.4 counter packets 0 bytes 0 # handle 4
        }
}
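The following added example (not part of this patch or of nftables itself) emulates the matching semantics shown above on a constructed copy of the listing: it parses `nft list -a ruleset` output, finds every rule whose description matches, and reports which handle a delete-by-description would remove and which duplicate handles would be left behind. The parser, `SAMPLE_RULESET`, and the `delete_by_description` helper are assumptions made for illustration.

```python
import re

# Constructed sample mirroring the listing above; not live nft output.
SAMPLE_RULESET = """\
table ip t {
\tchain c {
\t\tip saddr 1.1.1.1 counter packets 0 bytes 0 # handle 1
\t\tip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 2
\t\tip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 3
\t\tip saddr 1.1.1.4 counter packets 0 bytes 0 # handle 4
\t}
}
"""

RULE_RE = re.compile(r"^(?P<body>.+?)\s+#\s+handle\s+(?P<handle>\d+)$")


def parse_ruleset(text):
    """Return a list of (table, chain, rule_text, handle) from `nft list -a ruleset` output."""
    rules, table, chain = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^table\s+(\S+)\s+(\S+)\s*\{$", line)
        if m:
            table = f"{m.group(1)} {m.group(2)}"  # family + table name, e.g. "ip t"
            continue
        m = re.match(r"^chain\s+(\S+)\s*\{$", line)
        if m:
            chain = m.group(1)
            continue
        if line == "}":
            chain = None  # closing a chain (or the table) ends the current chain scope
            continue
        m = RULE_RE.match(line)
        if m and table and chain:
            rules.append((table, chain, m.group("body"), int(m.group("handle"))))
    return rules


def normalize(rule_text):
    # Drop counter statistics so "counter packets 0 bytes 0" compares equal to "counter".
    return re.sub(r"\bcounter packets \d+ bytes \d+", "counter", rule_text)


def matching_handles(rules, table, chain, description):
    want = normalize(description)
    return [h for t, c, body, h in rules if t == table and c == chain and normalize(body) == want]


def delete_by_description(rules, table, chain, description):
    """Emulate the patch: remove only the first match. Returns (handle-based delete command, leftover duplicate handles)."""
    handles = matching_handles(rules, table, chain, description)
    if not handles:
        return None, []
    rules[:] = [r for r in rules if r[3] != handles[0]]
    return f"nft delete rule {table} {chain} handle {handles[0]}", handles[1:]
```

Because only the first match is removed, a non-empty second return value means an identical rule is still active; re-run `nft list -a ruleset` after a delete-by-description to confirm the chain looks as intended.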
To achieve this I have needed to introduce several changes into the libnftnl library. I have implemented comparators for rule and expression objects.
NOTE: I have some patches that must be accepted before I can consider the work completed.
Commits
nftables
- PENDING APPROVAL parser: Improve syntax errors
- PENDING APPROVAL test: shell: Add tests for deleting rule by description
- PENDING APPROVAL Implement deleting rule by description
- Simplify parser rule_spec tree