NftStatement

Description

The NftStatement object specifies the action performed when a packet matches a rule. It can be terminal and non-terminal. In a certain rule several non-terminal statements can be considered but only a single terminal statement.

See the nftables documentation on statements for further information.

This object was introduced in InCore 2.1.

› Inherits:

Object

Overview

Properties

arguments type Object.objectId Object.parent

Methods

Object.deserializeProperties() Object.fromJson() Object.serializeProperties() Object.toJson()

Signals

Object.completed()

Enumerations

Type

Properties

arguments

This property holds the type-specific arguments to the statement.

› Type:

StringList

› Signal:

argumentsChanged()

› Attributes:

Writable

type

This property holds the statement type specifying the action to perform when a packet matches a rule.

› Type:

Type

› Default:

NftStatement.None

› Signal:

typeChanged()

› Attributes:

Writable

Enumerations

Type

This enumeration describes all supported statement types, i.e. actions.

Name	Value	Description
NftStatement.None	0	Do not perform any action, i.e. effectively disable the associated rule.
NftStatement.Accept	1	Accept the packet and stop the remaining rules evaluation.
NftStatement.Drop	2	Drop the packet and stop the remain rules evaluation.
NftStatement.Queue	3	Queue the packet to userspace and stop the remain rules evaluation. See the nftables queue reference for details on possible arguments.
NftStatement.Continue	4	Continue the ruleset evaluation with the next rule.
NftStatement.Return	5	Return from the current chain and continue at the next rule of the last chain. In a base chain it is equivalent to NftStatement.Accept.
NftStatement.Jump	6	Continue with the first rule of a chain named as specified in the arguments property. It will continue at the next rule after a return statement is issued.
NftStatement.GoTo	7	Similar to NftStatement.Jump but after the new chain the evaluation will continue at the last chain instead of the one containing the goto statement.
NftStatement.Log	8	Write messages to the system log according to further parameters specified in the arguments property. See the nftables documentation on logging for details.
NftStatement.Reject	9	Reject packet with optional protocol-specific reject reasons specified in the arguments property. See the nftables documentation on rejecting traffic and the reject reference for details.
NftStatement.Counter	10	Count packets with optional settings specified in the arguments property. See the nftables documentation on Counters and the counter reference for details.
NftStatement.Limit	11	Implement rate limiting with settings specified in the arguments property. See the nftables documentation on Rate limit matchings and the limit reference for details.
NftStatement.DNat	12	Implement destination address translation with settings specified in the arguments property. See the nftables documentation on Source NAT and the Nat reference for details.
NftStatement.SNat	13	Implement source address translation with settings specified in the arguments property. See the nftables documentation on Destination NAT and the Nat reference for details.
NftStatement.Masquerade	14	Implement masquerading with settings specified in the arguments property. See the nftables documentation on Masquerading and the Nat reference for details.

Example

See NftFirewall example on how to use NftStatement.