Expand typed firewall and map API

README.md

@@ -7,7 +7,8 @@
 This library is intentionally narrow.
 
 - High-level managed API:
-  - typed `NftRuleset` / `NftTable` / `NftSet` authoring
+  - typed `NftRuleset` / `NftTable` / `NftSet` / `NftMap` / `NftChain` / `NftRule` authoring
+  - `RenderRuleset`
   - `ValidateRuleset`
   - `ApplyRuleset`
   - `Snapshot`
@@ -17,7 +18,7 @@ This library is intentionally narrow.
 
 Non-goals for the current release:
 
-- Typed rule expressions, maps, and snapshot parsing back into object models
+- Full nft expression parity and snapshot parsing back into object models
 - Event monitoring or subscriptions
 - Cross-platform support beyond Linux x64
 
@@ -79,11 +80,31 @@ var blocked = new NftSet
     Name = "blocked_ipv4",
     Type = NftSetType.Ipv4Address,
 };
-blocked.Elements.Add("10.0.0.1");
-blocked.Elements.Add("10.0.0.2");
+blocked.Elements.Add(NftValue.Address(System.Net.IPAddress.Parse("10.0.0.1")));
+blocked.Elements.Add(NftValue.Address(System.Net.IPAddress.Parse("10.0.0.2")));
 table.Sets.Add(blocked);
+
+var chain = new NftChain
+{
+    Name = "input",
+    Type = NftChainType.Filter,
+    Hook = NftHook.Input,
+    Priority = 0,
+    Policy = NftChainPolicy.Drop,
+};
+chain.Rules.Add(new NftRule
+{
+    InputInterface = NftValue.Interface("eth0"),
+    SourceAddressSetName = "blocked_ipv4",
+    TransportProtocol = NftTransportProtocol.Tcp,
+    DestinationPort = NftValue.Port(22),
+    Verdict = NftVerdict.Accept,
+});
+table.Chains.Add(chain);
+
 ruleset.Tables.Add(table);
 
+string preview = client.RenderRuleset(ruleset);
 var validation = client.ValidateRuleset(ruleset);
 if (validation.IsValid)
 {