projects / project / firewall4.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a540f6d) | patch
cli: introduce test mode and refuse firewall restart on errors
authorJo-Philipp Wich <jo@mein.io>
Thu, 1 Sep 2022 10:11:44 +0000 (12:11 +0200)
committerJo-Philipp Wich <jo@mein.io>
Thu, 1 Sep 2022 10:19:14 +0000 (12:19 +0200)
commitf5fcdcf2c51f6f0a4b116c352000c4fe0523be77
treeff0a791db047212fac93b2e637823fbfda36014ftree | snapshot
parenta540f6d5373217e60febd2d0bc0f585981e67917commit | diff
cli: introduce test mode and refuse firewall restart on errors

 - Introduce a new `fw4 [-q] check` command which tests the rendered ruleset
   using nftables' --check mode. This is useful to assert complex rulesets
   using external includes for correctness.

 - Extend the `fw4 restart` command to check the rendered ruleset before
   flushing the existing ruleset.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
root/sbin/fw4 diff | blob | history
OpenWrt nftables firewall