Skip to content

knft¤

usage: knft [-h]
            {list-flowtables,list-objects,list-sets,list-exprs,list-rules,list-chains,list-tables,dump}
            ...

Utility for inspecting the kernel netfilter subsystem.

Positional arguments¤

Positional Argument Help
command

Optional arguments¤

Short Long Help
-h --help show this help message and exit

knft list-flowtables¤

usage: knft list-flowtables [-h] [-n NSID] [table_family] [table_name]

Dump netfilter flowtables from a specific table

Positional arguments¤

Positional Argument Help
table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp)
table_name Table name

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-n --nsid Network Namespace ID

knft list-objects¤

usage: knft list-objects [-h] [-n NSID] [table_family] [table_name]

Dump netfilter objects from a specific table

Positional arguments¤

Positional Argument Help
table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp
table_name Table name

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-n --nsid Network Namespace ID

knft list-sets¤

usage: knft list-sets [-h] [-n NSID] [table_family] [table_name]

Dump netfilter sets from a specific table

Positional arguments¤

Positional Argument Help
table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp
table_name Table name

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-n --nsid Network Namespace ID

knft list-exprs¤

usage: knft list-exprs [-h] [-n NSID]
                       [table_family] [table_name] [chain_name] [rule_id]

Dump only expressions from specific rule

Positional arguments¤

Positional Argument Help
table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp
table_name Table name
chain_name Chain name
rule_id Rule Handle ID

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-n --nsid Network Namespace ID

knft list-rules¤

usage: knft list-rules [-h] [-n NSID] [table_family] [table_name] [chain_name]

Dump netfilter rules from a specific chain

Positional arguments¤

Positional Argument Help
table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp
table_name Table name
chain_name Chain name

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-n --nsid Network Namespace ID

knft list-chains¤

usage: knft list-chains [-h] [-n NSID] [table_family] [table_name]

Dump netfilter chains from a specific table

Positional arguments¤

Positional Argument Help
table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp
table_name Table name

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-n --nsid Network Namespace ID

knft list-tables¤

usage: knft list-tables [-h] [-n NSID]

Dump netfilter tables from a specific network namespace

Optional arguments¤

Short Long Help
-h --help show this help message and exit
-n --nsid Network Namespace ID

knft dump¤

usage: knft dump [-h] [nsid]

Dump all nftables: tables, chains, rules, expressions

Positional arguments¤

Positional Argument Help
nsid Network Namespace ID

Optional arguments¤

Short Long Help
-h --help show this help message and exit