Open
Description
Hi everyone,
I'm having a problem with deleting a particular nftables rule by its numeric handle.
Handles are visible using the "-a" parameter on the command line.
```
nft -a list ruleset
```
My crude testing script looks as follows:
```python
#!/usr/bin/python3
from pyroute2.nftables.main import NFTables

nft = NFTables(nfgen_family=0)
rules = nft.get_rules()
for rule in rules:
    print(rule)
    attrs = rule.get('attrs')
    remap_attrs = {x[0]:x[1] for x in attrs}
    handle = remap_attrs.get('NFTA_RULE_HANDLE')
    print(handle)
    nft.rule('del', NFTA_RULE_HANDLE=handle)
    break
```
The output is:
```
{'attrs': [('NFTA_RULE_TABLE', 'nftables_svc'), ('NFTA_RULE_CHAIN', 'allow'), ('NFTA_RULE_HANDLE', 6), ('NFTA_RULE_EXPRESSIONS', [{'attrs': [('NFTA_EXPR_NAME', 'ct'), ('NFTA_EXPR_DATA', {'attrs': [('NFTA_CT_DREG', 'NFT_REG_1'), ('NFTA_CT_KEY', 'NFT_CT_STATE')]})]}, {'attrs': [('NFTA_EXPR_NAME', 'bitwise'), ('NFTA_EXPR_DATA', {'attrs': [('NFTA_BITWISE_SREG', 'NFT_REG_1'), ('NFTA_BITWISE_DREG', 'NFT_REG_1'), ('NFTA_BITWISE_LEN', 4), ('NFTA_BITWISE_MASK', {'attrs': [('NFTA_DATA_VALUE', b'\x06\x00\x00\x00')]}), ('NFTA_BITWISE_XOR', {'attrs': [('NFTA_DATA_VALUE', b'\x00\x00\x00\x00')]})]})]}, {'attrs': [('NFTA_EXPR_NAME', 'cmp'), ('NFTA_EXPR_DATA', {'attrs': [('NFTA_CMP_SREG', 'NFT_REG_1'), ('NFTA_CMP_OP', 'NFT_CMP_NEQ'), ('NFTA_CMP_DATA', {'attrs': [('NFTA_DATA_VALUE', b'\x00\x00\x00\x00')]})]})]}, {'attrs': [('NFTA_EXPR_NAME', 'immediate'), ('NFTA_EXPR_DATA', {'attrs': [('NFTA_IMMEDIATE_DREG', 'NFT_REG_VERDICT'), ('NFTA_IMMEDIATE_DATA', {'attrs': [('NFTA_DATA_VERDICT', {'attrs': [('NFTA_VERDICT_CODE', 'NF_ACCEPT')]})]})]})]}])], 'header': {'length': 260, 'type': 2566, 'flags': 2050, 'sequence_number': 255, 'pid': 13292, 'error': None, 'target': 'localhost', 'stats': Stats(qsize=0, delta=0, delay=0)}, 'nfgen_family': 1, 'version': 0, 'res_id': 2}
6
Traceback (most recent call last):
  File "/opt/./test.py", line 14, in <module>
    nft.rule('del', NFTA_RULE_HANDLE=handle)
  File "/usr/local/lib/python3.11/site-packages/pyroute2/netlink/core.py", line 754, in _run_with_cleanup
    return self.asyncore.event_loop.run_until_complete(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/asyncio/base_events.py", line 654, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/pyroute2/nftables/main.py", line 327, in rule
    return await self._command(nft_rule_msg, commands, cmd, kwarg)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/pyroute2/netlink/nfnetlink/nftsocket.py", line 1375, in _command
    return [
           ^
  File "/usr/local/lib/python3.11/site-packages/pyroute2/netlink/nfnetlink/nftsocket.py", line 1375, in <listcomp>
    return [
           ^
  File "/usr/local/lib/python3.11/site-packages/pyroute2/netlink/nlsocket.py", line 450, in nlm_request_batch
    async for msg in request.response():
  File "/usr/local/lib/python3.11/site-packages/pyroute2/netlink/nlsocket.py", line 640, in response
    async for msg in self.sock.get(
  File "/usr/local/lib/python3.11/site-packages/pyroute2/netlink/core.py", line 541, in get
    raise error
pyroute2.netlink.exceptions.NetlinkError: (22, 'Invalid argument')
```
Unfortunately I didn't manage to find any explanation of how to do this in the documentation, on Google, or even by grepping the source code for anything related to rule deletion...
Could you please point me to the proper manual or maybe explain on fingers how I can do such a simple thing?
Thanks in advance!
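
Added example, not part of the original issue and not pyroute2's own code: the `nft` command line addresses a rule as `delete rule <family> <table> <chain> handle <n>`, so this helper pulls those four fields out of a message shaped like the dump above and builds the matching argument list. The sample message is constructed (the output above with expressions and header omitted), and the names `rule_identity` and `nft_delete_argv` are hypothetical.

```python
# nfgen_family numbers (kernel NFPROTO_* constants) mapped to nft family names.
NFPROTO_NAMES = {1: "inet", 2: "ip", 3: "arp", 5: "netdev", 7: "bridge", 10: "ip6"}

# Constructed sample: the rule message from the output above, trimmed to the
# fields that identify the rule.
SAMPLE_RULE = {
    "attrs": [
        ("NFTA_RULE_TABLE", "nftables_svc"),
        ("NFTA_RULE_CHAIN", "allow"),
        ("NFTA_RULE_HANDLE", 6),
    ],
    "nfgen_family": 1,
}


def rule_identity(msg):
    """Return (family, table, chain, handle) for one dumped rule message."""
    attrs = dict(msg.get("attrs", []))
    family = NFPROTO_NAMES.get(msg.get("nfgen_family"))
    if family is None:
        # 0 is NFPROTO_UNSPEC: usable for dumping, but it names no table family.
        raise ValueError(f"unsupported nfgen_family: {msg.get('nfgen_family')!r}")
    ident = (
        family,
        attrs.get("NFTA_RULE_TABLE"),
        attrs.get("NFTA_RULE_CHAIN"),
        attrs.get("NFTA_RULE_HANDLE"),
    )
    if None in ident:
        raise ValueError(f"rule message lacks table, chain or handle: {ident!r}")
    if not isinstance(ident[3], int) or ident[3] < 0:
        raise ValueError(f"handle is not a non-negative integer: {ident[3]!r}")
    return ident


def nft_delete_argv(msg):
    """Build an argv list (no shell involved) that deletes exactly this rule."""
    family, table, chain, handle = rule_identity(msg)
    return ["nft", "delete", "rule", family, table, chain, "handle", str(handle)]


if __name__ == "__main__":
    print(" ".join(nft_delete_argv(SAMPLE_RULE)))
```
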