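#!/bin/bash
#
# Print the firewalld nftables ruleset (firewalld is using nftables).
#
# Usage:
#   Call this script without any options to output the entire
#   "inet firewalld" table, or provide one argument naming a "set"
#   (e.g. "fail2ban") to return only that IP set.
#
# Exit status: that of nft, or 2 when the set name is rejected.
#
# Listing the ruleset normally requires root privileges.

#######################################
# Check that a set name is a single plain identifier.
# nft joins its command-line arguments and parses the result as one
# command string, so the name must not contain whitespace, separators
# or a leading dash that could be read as extra syntax or an option.
# Arguments: $1 - candidate set name
# Returns:   0 if the name is acceptable, 1 otherwise
#######################################
is_valid_set_name() {
  # Byte-wise matching so the bracket ranges mean ASCII only.
  local LC_ALL=C
  # Conservative allow-list; widen it if your set names legitimately
  # use other characters.
  local -r pattern='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
  [[ "$1" =~ $pattern ]]
}

# An empty first argument is treated the same as no argument.
set_name=${1:-}

if [[ -n "$set_name" ]]; then
  # A "set" arg was provided: only return that set's contents.
  if ! is_valid_set_name "$set_name"; then
    printf '%s: invalid set name: %q\n' "${0##*/}" "$set_name" >&2
    exit 2
  fi
  nft list set inet firewalld "$set_name"
else
  # No "set" specified, return the entire table.
  nft list table inet firewalld
fi

# You can also export the current ruleset in json format:
#   nft -j list ruleset
# and to parse the json export do:
#   nft -j list ruleset | jq .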