netfilter: nf_tables: convert built-in tables/chains to chain types
This patch converts built-in tables/chains to chain types that
allow you to deploy customized table and chain configurations from
userspace.
After this patch, you have to specify the chain type when
creating a new chain:
add chain ip filter output { type filter hook input priority 0; }
^^^^ ------
The existing chain types after this patch are: filter, route and
nat. Note that tables are just containers of chains with no specific
semantics, which is a significant change with regards to iptables.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
c29b72e025
commit
9370761c56
12 changed files with 221 additions and 274 deletions
|
|
@ -115,6 +115,7 @@ enum nft_table_attributes {
|
|||
* @NFTA_CHAIN_HANDLE: numeric handle of the chain (NLA_U64)
|
||||
* @NFTA_CHAIN_NAME: name of the chain (NLA_STRING)
|
||||
* @NFTA_CHAIN_HOOK: hook specification for basechains (NLA_NESTED: nft_hook_attributes)
|
||||
* @NFTA_CHAIN_TYPE: type name of the string (NLA_NUL_STRING)
|
||||
*/
|
||||
enum nft_chain_attributes {
|
||||
NFTA_CHAIN_UNSPEC,
|
||||
|
|
@ -122,6 +123,7 @@ enum nft_chain_attributes {
|
|||
NFTA_CHAIN_HANDLE,
|
||||
NFTA_CHAIN_NAME,
|
||||
NFTA_CHAIN_HOOK,
|
||||
NFTA_CHAIN_TYPE,
|
||||
__NFTA_CHAIN_MAX
|
||||
};
|
||||
#define NFTA_CHAIN_MAX (__NFTA_CHAIN_MAX - 1)
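Review bot: The kernel-doc line added for NFTA_CHAIN_TYPE in the first hunk says "type name of the string", which looks like a slip for the chain; I would write `* @NFTA_CHAIN_TYPE: type name of the chain (NLA_NUL_STRING)`. That line documents the attribute as NLA_NUL_STRING while NFTA_CHAIN_NAME just above it is NLA_STRING, so it is worth confirming that the netlink policy entry for the new attribute uses the documented type and sets a maximum length, since the value is a name supplied by userspace. The policy table is not in the visible hunks, so this is a check to make there rather than a defect seen here. In the second hunk the new enumerator is placed after NFTA_CHAIN_HOOK and before __NFTA_CHAIN_MAX, which leaves the numbers of the existing attributes unchanged for current userspace.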
|
||||
|
|
|
|||