On Saturday 2021-08-14 19:46, Florian Westphal wrote: > Conservative change: > iptables-nft -X will not remove empty builtin chains. > OTOH, maybe it would be better to auto-remove those too, if empty. > Comments? How are chain policies expressed in nft, as a property on the chain (like legacy), or as a separate rule? That is significant when removing "empty" chains.
