Hi, I found the following section to be a little confusing: https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority The last sentence says "If priority of the 'input chain' above would be changed to -1, all packets would be dropped". That sort of implies to me, that some packets are not dropped, if the priority is not changed. However, reading the example and the information before it, all packets will always be dropped, regardless of any change in the priority. I verified this, by testing it in a VM. Another (admittedly minor) issue is with the explanation of priority ordering. It would be nice if there was a simple sentence, stating that chains with lower priority will be traversed first. This time the example is pretty clear, but I still have to go through the list of netfilter-internal priorities, find the connection tracking operations, compare the value of -200 to -300, and derive the ordering from the result. Since many other tutorials, that are highly ranked on google ([1]) get similiar examples wrong, it would be nice if the rule "lower prio first" was stated in the official nftables documentation, e.g. "Base chains with a lower priority will be evaluated before base chains with a higher priority". [1] https://wiki.meurisse.org/wiki/Fail2Ban
