How to get nftables rule handle only?

Solution Unverified - Updated -

Issue

  • How to get only the nftables handle when adding a new rule?

When adding a new rule like this:

nft add rule filter ip-output tcp dport { 80, 443 } ct state new counter accept

It is added to the corresponding chain and gets a unique handle.

If I want to know which handle the rule gets, I can do that using this command:

nft -a -e add rule ip filter ip-output tcp dport { 80, 443 } ct state new counter packets 0 bytes 0 accept

This adds the rule and returns the rule followed by the handle:

add rule ip filter ip-output tcp dport { 80, 443 } ct state new counter packets 0 bytes 0 accept # handle 118

I need just the number of the handle.

Environment

  • Red Hat Enterprise Linux 8
  • nftables firewall with nft tool
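
One way to reduce the echoed line to the bare handle number, as an added example that is not Red Hat's solution or code from this article: parse the trailing "# handle N" that `nft -a -e` prints. The function names are hypothetical, and the sample line is the echo output quoted in the Issue section above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of nftables.

# Read `nft -a -e` echo output on stdin and print only the handle number(s),
# one per line. Returns non-zero when no handle is present.
nft_handle_from_echo() {
    # Match only a "# handle N" that ends the line, so a rule comment that
    # happens to contain the text "# handle" is not mistaken for the handle.
    handles=$(sed -n 's/^.*# handle \([0-9][0-9]*\)[[:space:]]*$/\1/p')
    [ -n "$handles" ] || return 1
    printf '%s\n' "$handles"
}

# Add a rule and print just its handle. All arguments are passed to
# `nft add rule` unchanged; needs root and an existing table and chain.
nft_add_rule_get_handle() {
    out=$(nft -a -e add rule "$@") || return 1
    printf '%s\n' "$out" | nft_handle_from_echo
}

# Intended use on a live system (not executed here):
#   h=$(nft_add_rule_get_handle ip filter ip-output tcp dport '{ 80, 443 }' \
#         ct state new counter accept) || exit 1
#   nft delete rule ip filter ip-output handle "$h"

# Sample input: the echo line quoted in the article.
SAMPLE='add rule ip filter ip-output tcp dport { 80, 443 } ct state new counter packets 0 bytes 0 accept # handle 118'

# Constructed input: a rule whose comment contains the text "# handle".
TRICKY='add rule ip filter ip-output tcp dport 22 accept comment "see # handle 7 docs" # handle 119'

# Stand-alone demonstration on the sample line.
printf '%s\n' "$SAMPLE" | nft_handle_from_echo
```

Checking the function's exit status before using the value keeps a failed `nft` call from turning into a `delete rule` with an empty handle.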
