% NFTNETCHK(1) | Nftfw documentation
# NAME

nftnetchk — command line tool to check if IPs in the firewall database are present in blacknets.d files
# SYNOPSIS

| nftnetchk [-h | -l]
# DESCRIPTION

nftnetchk is a command line tool that checks that the IP addresses and networks in the files in blacknets.d are valid. It also determines which IP addresses in the firewall database are redundant because they fall inside a network listed in a blacknets.d file. Entries in blacknets.d are usually network ranges written in CIDR notation and are added by hand. The tool lists the entries in the firewall database that are no longer needed because they are already covered by the blacknets.d values.

If nftnetchk has nothing to report, it produces no output.

Output is normally a 'pretty printed' table with these headings:
The -l (or --list) option outputs the IP addresses as a plain list, one per line, so the output can be piped to nftfwedit to remove those IPs from the database:

```sh
sudo nftnetchk -l | while read ip; do sudo nftfwedit -d "$ip"; done
```
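The two checks described above, validating blacknets.d entries and finding database IPs already covered by a listed network, as an added Python example that is not nftfw's own code. The blacknets.d sample, its comment and blank-line handling, and the database IPs are constructed for this example; nftfw reads the real values from its own files and sqlite3 database.

```python
import ipaddress
from typing import Dict, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample of a blacknets.d file: one network per line.
# '#' comments and blank lines are an assumption for this example.
SAMPLE_BLACKNETS = """\
# hypothetical blacknets.d entry file
192.0.2.0/24
198.51.100.0/25
2001:db8::/32
not-a-network
203.0.113.5/33
"""

# Constructed sample of IPs as they might sit in the firewall database.
SAMPLE_DB_IPS = ["192.0.2.17", "198.51.100.200", "2001:db8:1::9", "203.0.113.5"]


def parse_blacknets(text: str) -> Tuple[List[Network], List[str]]:
    """Parse network lines; return (valid networks, rejected lines)."""
    networks: List[Network] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 203.0.113.5/33 is
            # also rejected because the prefix length is out of range)
            networks.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)
    return networks, rejected


def covered_ips(db_ips: List[str], networks: List[Network]) -> Dict[str, str]:
    """Map each database IP to the first blacknets.d network that contains it."""
    covered: Dict[str, str] = {}
    for ip_text in db_ips:
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # a malformed database entry is a separate problem; skip it here
        for net in networks:
            if ip.version == net.version and ip in net:
                covered[ip_text] = str(net)
                break
    return covered
```

An IP covered by a rejected line (203.0.113.5 above) is deliberately not reported as redundant, since the network that would cover it is not valid.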
# FILES

/etc/nftfw or /usr/local/etc/nftfw
: Location of control files

/var/lib/nftfw/ or /usr/local/var/lib/nftfw
: Location of build, install, lock file and sqlite3 database storing file positions and blacklist information
# BUGS

See GitHub Issues: https://github.com/pcollinson/nftfw/issues
# AUTHOR

Peter Collinson
# SEE ALSO

nft(1), nftfwls(1), nftfwedit(1), nftfwadm(1), nftfw-config(5), nftfw-files(5)