On 2020/03/24 15:28, darius wrote:
I was referring to Netfilter packet flow https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg
...
But again, nft is replacement for netfilter and it works in slightly different way. that was maybe a bad idea to try to follow Netfilter packet flow diagram.
The Wikipedia article was conflating netfilter with iptables. nftables is part of netfilter; it replaces iptables, the packet-filtering portion of netfilter. I've made some edits to try to make this distinction.
Thanks, Frank
