Nick <vincent@xxxxxxxxxxxx> wrote:
> OpenWrt switched to nftables in its firewall4 implementation [0]. Now people
> start porting their custom iptables rules to nft. However, there is a lack
> of "finally" accepting a packet without traversing the other chains with the
> same hook type and later priority in the same table [1,2]. Jumping/GoTo
> statements do not help [3]. Is it possible to add an action/policy allowing
> us to stop traversing the table?
>
> [0] - https://git.openwrt.org/project/firewall4.git
> [1] - https://github.com/openwrt/openwrt/issues/9981

This statement is incorrect, nft behaves like iptables.
ACCEPT in raw table moves packet to mangle table, and so on.

The confusion arises because users add their own tables, and then
are surprised that their 'accept' "does not work" the way they expect.

It's not possible to implement a 'full accept' because it would also make
the packet skip the internal hooks that are used e.g. by conntrack.

Why does jump/goto not help? It works just like in iptables.
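
The following is an added example, not part of the original message: a constructed nftables ruleset showing the behaviour the reply describes, where an accept in a user-added table ends only that base chain and a later-priority chain on the same hook still evaluates the packet. The table and chain names, ports, priorities and the mark value are assumptions chosen for illustration.

```nft
# Constructed ruleset: two tables register a base chain on the input hook.
# Base chains on one hook run in ascending priority order, across tables.

table inet custom {
    chain allow_web {
        # 'accept' in a regular chain ends evaluation of the calling
        # base chain (custom/input) only, exactly like 'accept' there.
        tcp dport 8080 accept
    }

    chain input {
        type filter hook input priority -10; policy accept;
        jump allow_web
    }
}

table inet fw {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        tcp dport 22 accept
        # New connections to tcp/8080 were accepted in custom/input, but
        # this chain still sees them and the drop policy applies.
        # A drop verdict is final; an accept verdict is not.
    }
}

# One way to carry the decision forward (an assumption, not from the
# message): mark the packet in the earlier chain and honour the mark in
# every later base chain on the same hook.
#
#   table inet custom, chain allow_web:
#       tcp dport 8080 meta mark set 0x1 accept
#
#   table inet fw, chain input:
#       meta mark 0x1 accept
```

Loading this with `nft -f` and tracing a packet to tcp/8080 with `meta nftrace set 1` plus `nft monitor trace` shows the accept verdict in `custom` followed by the policy drop in `fw`.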