Found extra tables in nft ruleset

It's looking like nft is creating some extra tables when I create a chain.

Seen below, I can clear the ruleset and then create a table and only the
table I created is in the otherwise empty ruleset.  However, if I add a
chain to that table, then two unasked for tables get created, but
perhaps not used.  I'm not sure if they are supposed to be there or if
they should be used.

Is this an error on my part?  If so what?

Thanks,
Lars

# uname -sr
Linux 4.19.97-v7l+

# nft --version
nftables v0.9.0 (Fearless Fosdick)

# nft flush ruleset

# nft list ruleset

# nft add table ip foobar

# nft list ruleset
table ip foobar {
}

# nft add chain foobar output  { type filter hook output priority 0 \; policy drop \; }

# nft list ruleset
table ip foobar {
        chain output {
                type filter hook output priority 0; policy drop;
        }
}
table ip filter {
        chain INPUT {
                type filter hook input priority 0; policy accept;
        }

        chain FORWARD {
                type filter hook forward priority 0; policy accept;
        }

        chain OUTPUT {
                type filter hook output priority 0; policy accept;
        }
}
table ip6 filter {
        chain INPUT {
                type filter hook input priority 0; policy accept;
        }

        chain FORWARD {
                type filter hook forward priority 0; policy accept;
        }

        chain OUTPUT {
                type filter hook output priority 0; policy accept;
        }
}


