Hi, can't you do the same by dropping a snippet into /etc/nftables.d/ which simply registers chains with lower priority hooks? In fact there already is an example [1].
So in order to achieve what you want, create an
/etc/nftables.d/10-pre-chains.nft with the following contents:
-- 8< --
chain pre_input {
	type filter hook input priority -1; policy accept;
}

chain pre_forward {
	type filter hook forward priority -1; policy accept;
}

chain pre_output {
	type filter hook output priority -1; policy accept;
}
-- >8 --
Since nftables makes it easy to have many hooks, I doubt that such a generic,
mostly unused facility is needed at all. If your package/process/use case
requires staging custom rules before the default ones, drop a partial into
/etc/nftables.d/ which declares its own chains with lower priority hooks along
with the rules you need.
~ Jo
1: https://git.openwrt.org/?p=project/firewall4.git;a=blob;f=root/etc/nftables.d/10-custom-filter-chains.nft;h=4cb421308f2f8b084add77fc51f8430596d83abf;hb=b2682251a173103490a4a2556fb87e4df1d627b3#l8
