In the nft(8) man page, I see the following. I have not tested this behavior myself. accept Terminate ruleset evaluation and accept the packet. The packet can still be dropped later by another hook, for instance accept in the forward hook still allows to drop the packet later in the postrouting hook, or another forward base chain that has a higher priority number and is evaluated afterwards in the processing pipeline. I was keying off "another hook". I think another base chain with the same hook type but a different priority is considered a different hook. It's hard to describe 'the set of chains reachable from the current base chain' with a single word. They are all executing within the context of the current hook+priority, which is what is terminated on accept. -----Original Message----- From: Slavko <linux@xxxxxxxxxx> Sent: Monday, August 26, 2024 10:53 AM To: netfilter@xxxxxxxxxxxxxxx Subject: RE: Understanding output from "nft list" EXTERNAL EMAIL - USE CAUTION when clicking links or attachments Dňa 26. augusta 2024 16:32:23 UTC používateľ "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx> napísal: > 'Accept', on the other hand, accepts the packet in the current hook. No other rules reachable from the hook chain are executed. Are you sure with that? My understanding of "accept" verdict is, that it ends processing rules in current chain, not in current hook. Thus rules in other chains (with lower priority -- higher number) in current hook are applied. regards -- Slavko https://www.slavino.sk/