Package: nftables
Version: 0.9.0-2
Severity: normal

I want to parse rules from a script, but parsing them from a pipe fails while parsing from a file works.

nft -f nft.txt works.
cat nft.txt | nft -f - fails with a handful of syntax errors.

I also noticed a difference when doing full debug output.
Reading from a file shows the filename, the line number and the position, as well as the actual line and the used part of the line. Reading from stdin just shows /dev/stdin, the line number and the position.
So there seems to be different handling of reading the input.


I encountered this too some time ago - according to strace, nft is reading rules in 8kB long blocks (so everything works fine until your rules grow), but after the block is read, nft attempts to seek a few bytes back in the file. I guess it wants to do the next read from some kind of boundary. Anyway, seeking in a stream obviously fails with ESPIPE - Illegal seek (I guess nft doesn't check the return value here), another 8kB block is read, but not from the file position nft wanted, resulting in a syntax error.

The nft man page says that reading from stdin is supported, but it also says that "nft export json" is a thing, so I just wrote this off as yet another error in the docs and worked around it by dumping my rules into a temporary file and reading them via -f. You may want to do the same thing.
