On 02.02.2025 19:48, Binarus wrote:
On the other hand, during my research, I have found a post [2] that was an eye opener. The first and only reply to the question (at the time of writing) explains in great detail and in an understandable manner that the priority of a nat type chain is simply ignored* and that every nat type chain instead is always executed at priority -100. [* The relative order of nat type chains that are at the same hook is preserved, though, according to the post. ] The post further contains an example ruleset and shows traces that prove the statements made. In summary, it seems convincing to me.
I forgot to mention that the post mentioned above was only about nat type chains at the prerouting hook. There was no statement about nat type chains at the output or postrouting hook. I assume that the situation is similar there, though.
[1] https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks#Priority_within_hook
[2] https://unix.stackexchange.com/questions/762402/nftables-are-chains-of-multiple-types-all-evaluated-for-a-given-hook
Best regards,
Binarus
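A test ruleset for checking the behaviour described in the message above is sketched here. It is an added example, not part of the original message and not the ruleset from the linked answer [2]. The table and chain names and the choice of ICMP echo as test traffic are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed test ruleset (hypothetical names). Load it in a scratch
# network namespace, run "nft monitor trace" in a second terminal, then
# send one ICMP echo request to the host from another machine.

table ip prio_test {
    # Runs first and switches tracing on for the test packet.
    chain trace_on {
        type filter hook prerouting priority -300; policy accept;
        icmp type echo-request meta nftrace set 1
    }

    # nat chain declared BEFORE filter_mid (-150 < -120).
    chain nat_early {
        type nat hook prerouting priority -150; policy accept;
        icmp type echo-request counter
    }

    # filter chain declared between the two nat chains.
    chain filter_mid {
        type filter hook prerouting priority -120; policy accept;
        icmp type echo-request counter
    }

    # nat chain declared AFTER filter_mid (-110 > -120).
    chain nat_late {
        type nat hook prerouting priority -110; policy accept;
        icmp type echo-request counter
    }

    # filter chain declared after -100, as a fixed reference point.
    chain filter_late {
        type filter hook prerouting priority -90; policy accept;
        icmp type echo-request counter
    }
}

# How to read the trace:
#   declared priorities honoured for every chain type:
#     trace_on, nat_early, filter_mid, nat_late, filter_late
#   nat chains pinned to -100, relative nat order kept (the claim in [2]):
#     trace_on, filter_mid, nat_early, nat_late, filter_late
# nat chains are only consulted for the first packet of a connection, so
# compare the trace of the first echo request, not of later ones.
```

The position of `filter_mid` relative to `nat_early` in the trace is what distinguishes the two cases. This matters in practice for any filter rule that is meant to match on the address before or after DNAT.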