search for: configuring_chains

...: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: Vincent.VSmeets at GMail.com Hallo, https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority describes that all the chains for a hook are executed in the order of the priority. The higher priority chains overrule the decision of the lower priority chains. The example from the wiki: table inet filter { # this chain is evaluated first due to priority chai...

...ssaging to be the subject of another issue) In searching the "official" documentation, there is little to describe the limits on length. === <https://wiki.nftables.org/wiki-nftables/index.php/Configuring_tables> (nothing) === <https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains> (nothing) === <https://wiki.nftables.org/wiki-nftables/index.php/Scripting> (define syntax described here -- nothing) === <https://wiki.nftables.org/wiki-nftables/index.php/Sets> "Current maximum name length is 16 characters." (assumed to apply to sets and not necess...

...: pablo at netfilter.org Reporter: hadmut at danisch.de Hi, when trying to migrate my old iptables/ufw rules to nftables I ran into a subtile change in semantics which I do consider as a major design flaw. Let me cite your documentation https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains which says NOTE: If a packet is accepted and there is another chain, bearing the same hook type and with a later priority, then the packet will subsequently traverse this other chain. Hence, an accept verdict ? be it by way of a rule or the default chain policy ? isn?t necessarily final. However,...