Hi Folks, I'm trying to create a regular chain with a default drop policy and not getting anywhere. The wiki implies this can be done, but when I try: nft 'add chain ip myTable myChain { policy drop ;}' I get back: Error: Could not process rule: Operation not supported add chain ip O365 O365WhiteList { policy drop ;} ^^^^^^^^^^^ ( those carets line up with the "policy drop" on my terminal. A table called myTable of the ip family exists already ) So are policies actually supported on regular chains? If so, can you tell me what might be wrong with my nft invocation? What I want to do is make a whitelist setup by having a base chain hooked to forward with a rule that jumps to my whitelist chain for packets coming in from one particular interface. Then have the whitelist chain with a default drop policy and a set of rules defining which hosts and networks to accept for further forwarding. Can anyone help me here? nft --version returns: nftables v1.0.6 (Lester Gooch #5) , all operations are being run as root on debian 12. Thanks, Robin.