Hi Pablo,
I have just checked this. The order is fine except for the nat table; that one has been corrected here:
http://git.netfilter.org/iptables-nftables/commit/?id=990b5aec1df02450545b57b94d3c960d9b7b1188
However, if the xtables.conf file is used, the order was reversed, so I could reproduce exactly the same output that you posted here. I have fixed that by fixing the semantics of nft_*_list_add in libnftables to prepend, instead of appending. Now we have nft_*_list_add_tail, and I have adapted iptables-nftables to use add_tail when needed:
http://git.netfilter.org/iptables-nftables/commit/?id=5e6ed2aae9e4a8ec0a340036f485c2567635eca9
Those should be enough to resolve this issue.
If you think it's sufficient to ensure the right chain ordering then ok, as long as users don't mess up with conf/save files.
I did not much like the for loop on builtin chains anyway.

Tomasz