From acdfae9c3126ff8716c93713f13e8e31a85d5e95 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 17 Mar 2015 16:36:15 +0100 Subject: src: allow to specify the default policy for base chains The new syntax is: nft add chain filter input { hook input type filter priority 0\; policy accept\; } but the previous syntax is still allowed: nft add chain filter input { hook input type filter priority 0\; } this assumes default policy to accept. If the base chain already exists, you can update the policy via: nft add chain filter input { policy drop\; } Signed-off-by: Pablo Neira Ayuso
---
 include/rule.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include')
diff --git a/include/rule.h b/include/rule.h
index 90836bc4..97959f7b 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -111,6 +111,7 @@ enum chain_flags {
 * @hookstr: unified and human readable hook name (base chains)
 * @hooknum: hook number (base chains)
 * @priority: hook priority (base chains)
+ * @policy: default chain policy (base chains)
 * @type: chain type
 * @rules: rules contained in the chain
 */
@@ -122,6 +123,7 @@ struct chain {
 const char *hookstr;
 unsigned int hooknum;
 int priority;
+ int policy;
 const char *type;
 struct scope scope;
 struct list_head rules;
-- cgit v1.2.3
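Review bot: The new `int policy;` member in `struct chain` (second hunk) has no documented value set and no documented representation for "policy not given", and the kernel-doc line added in the first hunk says only "default chain policy (base chains)". The commit message describes three cases (policy stated, policy omitted and assumed accept, policy-only update of an existing chain), so the header should say how an omitted policy is stored. If the struct is zero-initialised on allocation (not visible here, since this view is limited to include/), an unset field would read as 0, which is the kernel's NF_DROP verdict rather than accept. I would extend the comment to something like `@policy: default chain policy, NF_ACCEPT or NF_DROP, <unset sentinel> when not given (base chains)`, using whatever sentinel the parser and netlink code actually use. The struct definition starts and ends outside the hunk.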