From acdfae9c3126ff8716c93713f13e8e31a85d5e95 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 17 Mar 2015 16:36:15 +0100
Subject: src: allow to specify the default policy for base chains

The new syntax is:

 nft add chain filter input { hook input type filter priority 0\; policy accept\; }

but the previous syntax is still allowed:

 nft add chain filter input { hook input type filter priority 0\; }

this assumes default policy to accept.

If the base chain already exists, you can update the policy via:

 nft add chain filter input { policy drop\; }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/nft.xml | 1 +
 1 file changed, 1 insertion(+)

(limited to 'doc')

diff --git a/doc/nft.xml b/doc/nft.xml
index 696a4c34..8d79016c 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -456,6 +456,7 @@ filter input iif $int_ifs accept
 				<arg choice="req"><replaceable>chain</replaceable></arg>
 				<arg choice="req"><replaceable>hook</replaceable></arg>
 				<arg choice="req"><replaceable>priority</replaceable></arg>
+				<arg choice="req"><replaceable>policy</replaceable></arg>
 			</cmdsynopsis>
 			<cmdsynopsis>
 				<group choice="req">
-- 
cgit v1.2.3