Add a dry-run option that outputs the new rules to stdout but doesn't modify anything #13

Open
CristianCantoro opened this issue Jan 30, 2021 · 2 comments

Comments

@CristianCantoro

Hi,

this is a request for an enhancement. The idea is to add a --dry-run option that outputs the new rules to stdout without actually changing anything. That would be useful to check the output of the command before actually running it.

@rpthms
Owner

rpthms commented Jan 31, 2021

Dry run shouldn't be too hard. We could set the geo-filter table to dormant right from the get-go (that way its rules will never be evaluated), then add the IP block sets and rules as usual, then print out the ruleset and delete the geo-filter table.

@andrey-utkin

andrey-utkin commented Mar 4, 2022

I think the point is to work successfully even if it's impossible to run nft. That way I could

  • familiarise myself with how the result actually looks
  • transform its output in some custom way
  • make sanity checks on the resulting blocked set

all before affecting the actual configuration. Potentially before the target machine even boots.
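
A sketch of the offline variant discussed in this thread, added here as an example and not code from the project or from any commenter: it merges IPv4 blocks, checks that addresses which must stay reachable are not in the blocked set, and prints a dormant `geo-filter` table as text without calling nft. The set name, hook and priority are assumptions, and the sample ranges are constructed.

```python
import ipaddress

TABLE = "geo-filter"   # table name from the thread
SET_NAME = "blocked4"  # assumption: set name invented for this example


def collapse(cidrs):
    """Parse IPv4 CIDR strings and merge overlapping or adjacent blocks."""
    nets = [ipaddress.IPv4Network(c.strip(), strict=False) for c in cidrs if c.strip()]
    return list(ipaddress.collapse_addresses(nets))


def covered(nets, protected):
    """Return the protected addresses that the blocked set would drop."""
    return [a for a in protected if any(ipaddress.ip_address(a) in n for n in nets)]


def render(nets, dormant=True):
    """Build the ruleset text; nothing here calls nft or touches the kernel."""
    lines = [f"table inet {TABLE} {{"]
    if dormant:
        lines.append("    flags dormant")  # hooks stay unregistered while set
    lines += [
        f"    set {SET_NAME} {{",
        "        type ipv4_addr",
        "        flags interval",
        "        elements = { " + ", ".join(str(n) for n in nets) + " }",
        "    }",
        "    chain input {",
        # assumption: hook and priority picked for illustration
        "        type filter hook input priority 0; policy accept;",
        f"        ip saddr @{SET_NAME} drop",
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input (documentation ranges), not real country data.
    sample = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24", "198.51.100.64/26"]
    nets = collapse(sample)
    locked_out = covered(nets, ["198.51.100.70", "203.0.113.5"])
    if locked_out:
        print("# WARNING: blocked set covers protected addresses:", ", ".join(locked_out))
    print(render(nets), end="")
```

On a machine that does have nft, the printed text can be validated without being applied by saving it to a file and running `nft -c -f` on that file.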
