2 files changed, 9 insertions, 3 deletions

diff --git a/iptables/nft.c b/iptables/nft.c
index b9820f12..e6702ff4 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1065,7 +1065,7 @@ static int nft_chain_list_cb(const struct nlmsghdr *nlh, void *data)
 		goto out;
 	}
 
-	nft_chain_list_add(c, list);
+	nft_chain_list_add_tail(c, list);
 
 	return MNL_CB_OK;
 out:
@@ -1174,7 +1174,7 @@ static int nft_rule_list_cb(const struct nlmsghdr *nlh, void *data)
 		goto out;
 	}
 
-	nft_rule_list_add(r, list);
+	nft_rule_list_add_tail(r, list);
 
 	return MNL_CB_OK;
 out:
@@ -1537,7 +1537,7 @@ static int nft_table_list_cb(const struct nlmsghdr *nlh, void *data)
 		goto out;
 	}
 
-	nft_table_list_add(t, list);
+	nft_table_list_add_tail(t, list);
 
 	return MNL_CB_OK;
 out:
diff --git a/iptables/xtables-config-parser.y b/iptables/xtables-config-parser.y
index 1d78c43c..e7a8a07e 100644
--- a/iptables/xtables-config-parser.y
+++ b/iptables/xtables-config-parser.y
@@ -210,6 +210,11 @@ int xtables_config_parse(char *filename, struct nft_table_list *table_list,
 			}
 			nft_table_attr_set_u32(table, NFT_TABLE_ATTR_FAMILY, family);
 			nft_table_attr_set(table, NFT_TABLE_ATTR_NAME, e->data);
+			/* This is intentionally prepending, instead of
+			 * appending, since the elements in the stack are in
+			 * the reverse order that chains appear in the
+			 * configuration file.
+			 */
 			nft_table_list_add(table, table_list);
 			break;
 		case T_PRIO:
@@ -226,6 +231,7 @@ int xtables_config_parse(char *filename, struct nft_table_list *table_list,
 			nft_table_attr_set_u32(table, NFT_CHAIN_ATTR_FAMILY, family);
 			nft_chain_attr_set_s32(chain, NFT_CHAIN_ATTR_PRIO, prio);
 			nft_chain_attr_set(chain, NFT_CHAIN_ATTR_NAME, e->data);
+			/* Intentionally prepending, instead of appending */
 			nft_chain_list_add(chain, chain_list);
 			break;
 		case T_HOOK: