Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > We could check if policy is still set to accept before implicit > > removal in the "iptables-nft -X" case. > > That's possible yes, but why force the user to change the policy from > DROP to ACCEPT to delete an empty basechain right thereafter? Ok, so I will just send a simplified version of this patch that will remove all empty basechains for -X too. Thanks!
