path: root/include/rule.h
diff options
authorPablo Neira Ayuso <>2015-03-17 16:36:15 +0100
committerPablo Neira Ayuso <>2015-03-17 17:26:03 +0100
commitacdfae9c3126ff8716c93713f13e8e31a85d5e95 (patch)
tree3b6c0d51c0062c54243d62565330ea99bba6ab23 /include/rule.h
parentac3a68fb768b7f0e20493038139faa4704dc1846 (diff)
src: allow to specify the default policy for base chains
The new syntax is: nft add chain filter input { hook input type filter priority 0\; policy accept\; } but the previous syntax is still allowed: nft add chain filter input { hook input type filter priority 0\; } this assumes default policy to accept. If the base chain already exists, you can update the policy via: nft add chain filter input { policy drop\; } Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include/rule.h')
1 files changed, 2 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 90836bc4..97959f7b 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -111,6 +111,7 @@ enum chain_flags {
* @hookstr: unified and human readable hook name (base chains)
* @hooknum: hook number (base chains)
* @priority: hook priority (base chains)
+ * @policy: default chain policy (base chains)
* @type: chain type
* @rules: rules contained in the chain
@@ -122,6 +123,7 @@ struct chain {
const char *hookstr;
unsigned int hooknum;
int priority;
+ int policy;
const char *type;
struct scope scope;
struct list_head rules;