bugzilla-daemon at netfilter.org
2016-Oct-24 21:30 UTC
[Bug 1093] New: 'Flush ruleset' is undocumented
https://bugzilla.netfilter.org/show_bug.cgi?id=1093
Bug ID: 1093
Summary: 'Flush ruleset' is undocumented
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: incoming-only at bordenrhodes.com
The default /etc/nftables.conf has as its third line 'flush ruleset'. Whilst
the behaviour of flush is well defined, the ruleset 'table' (is it a table? I
don't know!) is completely undocumented in the nft(ables) man page.
For newcomers trying to figure out how to wrangle the software, not knowing
what this feature means or how to play with it certainly steepens the learning
curve. Would it be possible to add a paragraph explaining what the ruleset
'table' is and what can be done to it? If it's not a table, then the man page
should explain what it is!
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2016-Nov-05 16:48 UTC
[Bug 1093] Undocumented features in man pages
https://bugzilla.netfilter.org/show_bug.cgi?id=1093
Borden Rhodes <incoming-only at bordenrhodes.com> changed:
What    |Removed                         |Added
----------------------------------------------------------------------------
Summary |'Flush ruleset' is undocumented |Undocumented features in man pages
--- Comment #1 from Borden Rhodes <incoming-only at bordenrhodes.com> ---
I'm changing the title on this bug because, in trying to decipher the
documentation, I've run into other things that I can't understand from reading
the man pages:
2) One of the headings in the man page is BLA. What does this stand for? The
IPv6 section also appears to be incomplete.
3) Conntrack expressions specific types are not defined. What values are valid
for things like ct_state, ct_dir and ct_status?
4) In the Reject statement, the table headings should read 'values' for what
can be used. 'Types' is ambiguous.
5) The man page does not define a 'type' expression (which is used in the
minimal nftables.conf). Is it a synonym for 'table', since, presumably, 'type
filter' means 'use the filter table'?
6) Likewise, the documentation talks a lot about hooks, but not what 'hook'
means in the context of 'type filter hook input'. Is this to specify the input
chain of the hook table?
7) The only reference I can find to 'priority' is under 'meta' and 'chains',
where the latter says 'When a hook and priority value are specified, the chain
is created as a base chain and hooked up to the networking stack.' Ok... so in
the reference nftables.conf, does priority 0 mean that it has highest priority
or lowest priority?
8) nft list ruleset shows that 'policy accept' is added to 'type filter hook
forward priority 0;' Presumably, this is the 'default verdict' (although I
thought nftables didn't have default policies like ip tables did?). The policy
statement is likewise undocumented. Is this a user-configurable variable or is
it not documented so we can't touch it?
bugzilla-daemon at netfilter.org
2016-Nov-06 04:02 UTC
[Bug 1093] Undocumented features in man pages
https://bugzilla.netfilter.org/show_bug.cgi?id=1093
--- Comment #2 from Borden Rhodes <incoming-only at bordenrhodes.com> ---
9) The man page makes no mention of the use of curly braces in the lexical
conventions or the symbolic variables. The functionality detailed on the wiki
of using it to define sets should be included, as well as its usage in scripts.
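An annotated ruleset file showing the constructs asked about in the report and in comments #1 and #2 above ('flush ruleset', 'type ... hook ... priority', 'policy', conntrack state values, braces). It is an added example, not part of the bug thread or of the nftables project's documentation; the table and chain names, the variable and the port numbers are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added illustration. Names, the variable and the ports are constructed.

# 'ruleset' is not a table. It is the complete configuration: every
# table, chain, rule and set of every address family. Flushing it at
# the top of a file loaded with 'nft -f' means the file replaces the
# previous state in one transaction instead of appending to it.
flush ruleset

# Symbolic variable. The braces make its value a set of elements.
define admin_ports = { 22, 443 }

table inet filter {
	chain input {
		# type     : chain type (filter, nat or route), not a table name
		# hook     : point in the packet path the chain attaches to
		# priority : order among chains on the same hook, lower runs first
		# policy   : verdict for packets no rule decided (accept or drop)
		type filter hook input priority 0; policy drop;

		# ct state takes: new, established, related, invalid, untracked
		ct state established,related accept
		ct state invalid drop

		iifname "lo" accept
		meta l4proto { icmp, ipv6-icmp } accept

		# The variable expands to the anonymous set defined above.
		tcp dport $admin_ports accept
	}

	chain forward {
		# A base chain with no explicit policy defaults to accept.
		type filter hook forward priority 0; policy accept;
	}
}
```

With `policy drop` on the input chain, anything not matched by an accept rule is discarded, so the established/related and loopback rules need to be present before the file is loaded on a remote host.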
bugzilla-daemon at netfilter.org
2016-Dec-18 13:55 UTC
[Bug 1093] Undocumented features in man pages
https://bugzilla.netfilter.org/show_bug.cgi?id=1093
Phil Sutter <phil at nwl.cc> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |phil at nwl.cc
--- Comment #3 from Phil Sutter <phil at nwl.cc> ---
A few additional things I think should be fixed:
* (At least) 'device' parameter of 'add chain' has to be explained.
* In section ADDRESS FAMILIES, description of 'arp' ends mid-sentence.
* Subsection IPV6 EXTENSION HEADER EXPRESSIONS barely contains any content.
* There is no description of (verdict) maps or sets.
bugzilla-daemon at netfilter.org
2020-Jan-29 00:07 UTC
[Bug 1093] Undocumented features in man pages
https://bugzilla.netfilter.org/show_bug.cgi?id=1093
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net