git.ipfire.org Git - thirdparty/iptables.git/commit
nft: Create builtin chains with counters enabled
author Phil Sutter <phil@nwl.cc>
Thu, 10 Aug 2023 09:30:59 +0000 (11:30 +0200)
committer Phil Sutter <phil@nwl.cc>
Thu, 10 Aug 2023 12:14:25 +0000 (14:14 +0200)
commit 39a067bb3b1b4ffb50a925f66e7db56658c0dfa7
tree 528bfdcafa0d92ad0ce601a0018aa94c6f078fee
parent 5412ccba55b2318160d32efec3b8aad162608af9
nft: Create builtin chains with counters enabled

The kernel enables policy counters for nftables chains only if
NFTA_CHAIN_COUNTERS attribute is present. For this to be generated, one
has to set NFTNL_CHAIN_PACKETS and NFTNL_CHAIN_BYTES attributes in the
allocated nftnl_chain object.

The above happened for base chains only with iptables-nft-restore if
called with --counters flag. Since this is very unintuitive to users,
fix the situation by adding counters to base chains in any case.

Fixes: 384958620abab ("use nf_tables and nf_tables compatibility interface")
Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft.c
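
Added example, not code from iptables, libnftnl or this commit: a simplified model of the netlink attribute layout the commit message refers to, showing that the NFTA_CHAIN_COUNTERS nest appears in a chain payload only when both counter attributes were set, and how to check a payload for it. The helper names (put_attr, build_chain_attrs, has_attr) are hypothetical, the payload carries only the chain name, and the attribute numbers are copied from linux/netfilter/nf_tables.h as an assumption.

```c
#include <stdint.h>
#include <string.h>

/* Assumed values, copied from linux/netfilter/nf_tables.h to avoid kernel headers. */
enum { NFTA_CHAIN_NAME = 3, NFTA_CHAIN_COUNTERS = 8 };
enum { NFTA_COUNTER_BYTES = 1, NFTA_COUNTER_PACKETS = 2 };
#define EX_F_NESTED 0x8000u                     /* NLA_F_NESTED */
#define EX_ALIGN(n) (((n) + 3u) & ~(size_t)3u)  /* attributes are 4-byte aligned */

/* Append one attribute: host-endian header (len, type), payload, zero padding. */
static size_t put_attr(uint8_t *b, size_t off, uint16_t type, const void *data, uint16_t len)
{
    uint16_t hdr[2] = { (uint16_t)(4 + len), type };
    memset(b + off, 0, EX_ALIGN(hdr[0]));
    memcpy(b + off, hdr, 4);
    if (len)
        memcpy(b + off + 4, data, len);
    return off + EX_ALIGN(hdr[0]);
}

/* Model of the chain payload: the counters nest is written only if both were set. */
size_t build_chain_attrs(uint8_t *b, const char *name, int pkts_set, int bytes_set)
{
    size_t off = put_attr(b, 0, NFTA_CHAIN_NAME, name, (uint16_t)(strlen(name) + 1));
    if (pkts_set && bytes_set) {
        const uint8_t zero[8] = {0};            /* 64-bit big-endian counter, value 0 */
        size_t nest = off;
        off = put_attr(b, off, NFTA_CHAIN_COUNTERS | EX_F_NESTED, NULL, 0);
        off = put_attr(b, off, NFTA_COUNTER_PACKETS, zero, 8);
        off = put_attr(b, off, NFTA_COUNTER_BYTES, zero, 8);
        uint16_t nest_len = (uint16_t)(off - nest);
        memcpy(b + nest, &nest_len, 2);         /* close the nest: patch its length */
    }
    return off;
}

/* Walk top-level attributes: 1 = found, 0 = absent, -1 = malformed length. */
int has_attr(const uint8_t *b, size_t len, uint16_t want)
{
    for (size_t off = 0; off + 4 <= len; ) {
        uint16_t hdr[2];
        memcpy(hdr, b + off, 4);
        if (hdr[0] < 4 || hdr[0] > len - off)
            return -1;
        if ((hdr[1] & 0x3fff) == want)          /* mask off the nested/byte-order flags */
            return 1;
        off += EX_ALIGN(hdr[0]);
    }
    return 0;
}
```

The same walk can be applied to the attribute area of a chain-creation message captured from netlink to see whether the nest was sent.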