Hello, I have a question concerning the priority of chains as described here https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority If a lower priority chain accepts a packet it will still traverse the later priority chains. I wanted to cleanly separate tables for docker and/or libvirt, so packets that are accepted by those special lower priority tables shouldn't be reevaluated by the main chains. Is there a good way to achieve such clean separation using different tables ? One way I'd see is maybe marking the accepted packets and adding rules to the top of the chains that match that mark and accept those packets. But this looks like making this more complex than it needs to be if I can achieve the same thing by having the docker, libvirt chains in the main table (which is the case right now). Is there any better way ? Best Regards, Philipp Richter
