On Tue, 8 Oct 2024 19:00:50 +0000 Robin Bussell <RobinB@xxxxxxxxxxxxxxx> wrote: > > > > > On 8 Oct 2024, at 18:12, Kerin Millar <kfm@xxxxxxxxxxxxx> wrote: > > [You don't often get email from kfm@xxxxxxxxxxxxx. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] > > [EXTERNAL EMAIL] > > On Tue, 8 Oct 2024, at 5:59 PM, Robin Bussell wrote: > Hi Folks, > I'm trying to create a regular chain with a default drop > policy and not getting anywhere. The wiki implies this can be done, but > when I try: > > nft 'add chain ip myTable myChain { policy drop ;}' > > I get back: > > Error: Could not process rule: Operation not supported > add chain ip O365 O365WhiteList { policy drop ;} > ^^^^^^^^^^^ > > ( those carets line up with the "policy drop" on my terminal. A table > called myTable of the ip family exists already ) > > So are policies actually supported on regular chains? If so, can you > tell me what might be wrong with my nft invocation? > > There can be no policy for a chain bearing no hook. > > > <https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Adding_regular_chains> > Configuring chains<https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Adding_regular_chains> > wiki.nftables.org<https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Adding_regular_chains> > [X]<https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Adding_regular_chains> > This wiki article states otherwise though. The article has been corrected. -- Kerin Millar