author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-17 16:36:15 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-17 17:26:03 +0100 |
commit | acdfae9c3126ff8716c93713f13e8e31a85d5e95 (patch) | |
tree | 3b6c0d51c0062c54243d62565330ea99bba6ab23 /include | |
parent | ac3a68fb768b7f0e20493038139faa4704dc1846 (diff) |
src: allow to specify the default policy for base chains
The new syntax is:
nft add chain filter input { hook input type filter priority 0\; policy accept\; }
but the previous syntax is still allowed:
nft add chain filter input { hook input type filter priority 0\; }
this assumes default policy to accept.
If the base chain already exists, you can update the policy via:
nft add chain filter input { policy drop\; }
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/rule.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 90836bc4..97959f7b 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -111,6 +111,7 @@ enum chain_flags {
 * @hookstr: unified and human readable hook name (base chains)
 * @hooknum: hook number (base chains)
 * @priority: hook priority (base chains)
+ * @policy: default chain policy (base chains)
 * @type: chain type
 * @rules: rules contained in the chain
 */
@@ -122,6 +123,7 @@ struct chain {
 const char *hookstr;
 unsigned int hooknum;
 int priority;
+ int policy;
 const char *type;
 struct scope scope;
 struct list_head rules; |
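Review bot: The new `policy` member of struct chain (second hunk) is a bare `int` whose value encoding and "not specified" state are undocumented, and the kernel-doc line added in the first hunk says only "default chain policy". The commit message promises that the old syntax still means accept and that `{ policy drop\; }` alone updates an existing chain, so the code must tell "no policy given" apart from an explicit one; if the member stores kernel verdicts (NF_DROP is 0, NF_ACCEPT is 1), a zero-initialised struct chain would read as drop rather than the documented accept default. Where the member is initialised is not visible here (the diff is limited to include/), so it is worth confirming it is set explicitly on allocation and spelling the contract out in the comment, e.g. `* @policy: default chain policy (base chains): NF_ACCEPT or NF_DROP, negative if not specified`. struct chain begins and ends outside the hunk.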