On Thu, Jul 07, 2022 at 10:45:00AM +0200, Erwan David wrote:
> On 07/07/2022 at 10:11, Roger Price wrote:
> > Newbie 3: The configuration file begins with the Bash shebang
> > #!/usr/sbin/nft -f but the Debian 11 man page for nftables says
> >
> > -f, --file filename Read input from filename. If filename is -, read
> > from stdin.
> >
> > and doesn't mention omitting the filename. I'm guessing that -f with no
> > file name means "read from the remainder of this file". Is this
> > correct?
>
> It's very old for me (I began unix in 1990) but in my understanding when a
> file begins with a shebang the line after the shebang is completed with the
> path to the file and the full line is then executed, thus you'll end with a
> command line of /usr/sbin/nft -f /etc/nftables.conf

That's correct. That's how shebangs work.

If you take a typical shell script, which begins with #!/bin/sh, and you execute that, you'll end up with the kernel running a command such as /bin/sh ./myscript for you. Likewise, a perl script will end up executing something like /usr/bin/perl /usr/bin/perlscript and so on.

You are allowed to have one (1) argument word after the interpreter name on a shebang line. In the case of your nft script, that option happens to be -f. This will also be required for awk scripts (with a shebang of #!/usr/bin/awk -f) and so on.
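
The command-line construction discussed in this thread, as an added example that is not part of the original messages: a small Python model of how Linux builds the argument vector from a shebang line. The function names `parse_shebang` and `kernel_argv` and the sample first lines are constructed for illustration, and the single-argument handling reflects Linux behaviour (other systems may split the line differently).

```python
# Added illustration: models how Linux turns a shebang line into the
# command that actually runs. Not kernel code and not part of nftables.

def parse_shebang(first_line):
    """Return (interpreter, optional_arg) for a '#!' line, else None."""
    if not first_line.startswith("#!"):
        return None
    rest = first_line[2:].strip(" \t\r\n")
    if not rest:
        return None
    # The interpreter path ends at the first blank. Whatever follows is
    # handed over as ONE argument; Linux does not split it into words.
    parts = rest.split(None, 1)
    interpreter = parts[0]
    optional_arg = parts[1] if len(parts) == 2 else None
    return interpreter, optional_arg


def kernel_argv(script_path, first_line, extra_args=()):
    """Model the argv built when script_path is executed directly."""
    parsed = parse_shebang(first_line)
    if parsed is None:
        return None  # no shebang: the kernel will not pick an interpreter
    interpreter, optional_arg = parsed
    argv = [interpreter]
    if optional_arg is not None:
        argv.append(optional_arg)
    argv.append(script_path)   # the script's own path is appended here
    argv.extend(extra_args)    # followed by the caller's arguments
    return argv


if __name__ == "__main__":
    # Constructed samples: (path, first line of the file, caller's arguments)
    samples = [
        ("/etc/nftables.conf", "#!/usr/sbin/nft -f\n", ()),
        ("./myscript", "#!/bin/sh\n", ("start",)),
        ("./report", "#!/usr/bin/awk -f\n", ("data.txt",)),
        ("./tool", "#!/usr/bin/env python3 -u\n", ()),  # two words, one arg
    ]
    for path, line, args in samples:
        print(line.strip(), "->", kernel_argv(path, line, args))
```

The last sample shows why only one argument word is usable: `python3 -u` reaches `/usr/bin/env` as a single string, so the lookup for a program with that literal name fails.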