The current syntax when handling chains seems counterintuitive to me. I would
expect that "add chain" would have the name of the chain directly after the
keyword "chain". But instead, the name of the table is there, with the chain
after. I think a better syntax might be this:
add chain <table>/<chain>
which seems clearer to me. And it has the added benefit of following the
"everything is a file" paradigm. Who knows - maybe someday we can add a sysfs
interface for nftables, and this will fit nicely within a tree:
nftables
tables
chains
rules
Thoughts? Attached patch is a general proof of concept.
Phil
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
