It has nothing to do with priorities. Chains in the same hook are cascaded. Chain "input" has policy "drop" and allows only SSH. Chain "http" accepts everything so is useless.
My advice: don't set multiple chains for filtering in the same hook unless they use independent criteria (e.g. one chain filters only on src and another filters only on dst).
p.H wrote: ↑2022-01-21 21:52
My advice: don't set multiple chains for filtering in the same hook unless they use independent criteria (e.g. one chain filters only on src and another filters only on dst).
Sure, but what about for example if I want to use a config management tool (e.g. Salt) to inject specific chains depending on what is running on the server? Ideally I want to be able to do this by an "include /etc/nft/*.conf" clause that would include the extra chains files that are placed in that directory.
Is there a viable workaround to use multiple chains? E.g. other firewalls have a "quick" that enables a specific "action right now" behaviour, but I cannot see this in nft?
You can create "custom" (non base) chains and call them from rules in base chains (or other custom chains). This way the "accept" target is definitive.
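
Added example, not part of the thread and not any poster's own configuration: one way to lay out the custom-chain approach described above so that per-service files can be dropped into a directory. The table name `filter`, the chain names `ssh` and `http`, the ports, and the file `/etc/nft/http.conf` are assumptions; the block shows the main ruleset followed by the content of one drop-in file.

```nft
#!/usr/sbin/nft -f
# Main ruleset (assumed to live outside /etc/nft/, e.g. /etc/nftables.conf).
flush ruleset

table inet filter {
    # Regular (non-base) chain: it has no "type ... hook ..." line, so it is
    # only evaluated when a rule jumps to it.
    chain ssh {
        tcp dport 22 accept
    }

    # The ONLY base chain attached to the input hook. Because no second base
    # chain is cascaded after it, an "accept" reached through a jump is the
    # final verdict for the packet on this hook.
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        jump ssh
    }
}

# Pull in per-service files. With a wildcard, zero matches is not an error.
include "/etc/nft/*.conf"

# ---- content of /etc/nft/http.conf (assumed drop-in, e.g. placed by Salt) ----
# It re-opens the same table, defines its own regular chain, and appends a
# jump to the existing base chain. It must NOT declare another
# "type filter hook input" chain, or the cascade problem from the first
# post comes back.
table inet filter {
    chain http {
        tcp dport { 80, 443 } accept
    }
    chain input {
        jump http
    }
}
```

After loading, `nft list ruleset` should show a single chain carrying `hook input`, with one `jump` rule per service chain.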