[PATCH nft v2] doc: Clarify conditions under which a reject verdict is permissible

A phrase like "input chain" is a throwback to xtables documentation.
In nft, chains are containers for rules. They do have a type, but what's
important here is which hook each uses.

v2: Show hook names in bold
Signed-off-by: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
---
 doc/statements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/statements.txt b/doc/statements.txt
index 3b82436..ced311c 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -171,8 +171,9 @@ ____
 
 A reject statement is used to send back an error packet in response to the
 matched packet otherwise it is equivalent to drop so it is a terminating
-statement, ending rule traversal. This statement is only valid in the input,
-forward and output chains, and user-defined chains which are only called from
+statement, ending rule traversal. This statement is only valid in base chains
+using the *input*,
+*forward* or *output* hooks, and user-defined chains which are only called from
 those chains.
 
 .different ICMP reject variants are meant for use in different table families
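
Review bot: The added line "+using the *input*," breaks after a single hook name and leaves a short line in the middle of the paragraph. Reflow the three added lines to the width of the surrounding text, for example ending the first at "base chains using the" and continuing with "*input*, *forward* or *output* hooks, and user-defined chains which are". The unchanged "those chains." on the following context line now has "base chains using the ... hooks" as its antecedent. That still reads correctly, but "only called from such base chains" would make the reference explicit now that the sentence names hooks rather than chains.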
-- 
2.14.5



