From a3c11f752935ecccb4b2e6b9f3db9ee2af1c064a Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Tue, 12 Mar 2024 16:21:33 +0100 Subject: [PATCH] Minor, mention how to run commands from an image Signed-off-by: Joachim Wiberg --- content/posts/2024-03-12-firewall-container.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/posts/2024-03-12-firewall-container.md b/content/posts/2024-03-12-firewall-container.md index c8322a6..bc350f4 100644 --- a/content/posts/2024-03-12-firewall-container.md +++ b/content/posts/2024-03-12-firewall-container.md @@ -153,6 +153,14 @@ table ip nat { } ``` +> Here we run the `nft` program shipped with Infix. It is of course +> possible to run the `nft` binary from the container, albeit not as +> easily: +> +> ```shell +> admin@infix:~$ sudo podman run --network=host --privileged=true --entrypoint=/usr/sbin/nft ghcr.io/kernelkit/curios-nftables:24.02.0 list ruleset +> ``` + ## `/etc/nftables.conf`
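Review bot: in the added `podman run` line, `--privileged=true` combined with `--network=host` gives the container full host privileges just to run `nft list ruleset`, and the note does not say why. Either add a sentence explaining that the flag is needed, or use a narrower grant such as `--cap-add=NET_ADMIN` if that is sufficient with this image, so readers do not copy a fully privileged invocation as the default pattern. The example also has no `--rm`, so every one-off run leaves a stopped container behind. The single long command line would be easier to read in the rendered post if it were split with `\` continuations.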