Am 14.08.20 um 13:21 schrieb Daniel:
> Le 14/08/2020 à 13:07, Pablo Neira Ayuso a écrit :
>> On Thu, Aug 13, 2020 at 12:28:34PM +0000, Andreas Hoefler wrote:
>>> Hi
>>>
>>> I have a chain with default policy drop.
>>> I would like to first have the default policy set to accept, then add
>>> rules and later change it to drop.
>>> Is this possible?
>> For the record:
>>
>> nft add chain x y { policy accept\; }
>>
>> Assuming an existing basechain 'y'. The backlash (\) before the
>> semicolon is there in case of invoking this from bash.
>
> From bash how to you set priority leaded by - like priority -150 \; We
> always get invalid option
>
> dh@peech:~$ sudo nft add chain ip6 mangle output { type nat hook
> prerouting priority -350 \; policy accept \; }
> nft: invalid option -- '3'
because you don't escape - with \-
don't nft understand quoted params?
nft add chain ip6 mangle output "{ type nat hook prerouting priority
-350 ; policy accept ; }"
