Statements are elements of rules. Non-terminal statements are in particular
passive with respect to their rules (and thus automatically with respect to the
whole ruleset).
In “Continue ruleset evaluation”, it’s not necessary to mention the ruleset as
it’s obvious that the evaluation of the current chain will be continued.
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
Signed-off-by: Florian Westphal <fw@strlen.de>
Statements exist in two kinds. Terminal statements unconditionally terminate
evaluation of the current rule, non-terminal statements either only
conditionally or never terminate evaluation of the current rule, in other words,
-they are passive from the ruleset evaluation perspective. There can be an
+they are passive from the rule evaluation perspective. There can be an
arbitrary amount of non-terminal statements in a rule, but only a single
terminal statement as the final statement.
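Review bot: In the changed sentence, "they are passive from the rule evaluation perspective" sits awkwardly with the clause just before it, which says non-terminal statements may "only conditionally" terminate evaluation of the current rule; a statement that can end the rule under some condition is not strictly passive. Consider qualifying the restatement or dropping the "in other words" clause so the two halves of the sentence agree. While this paragraph is being touched, "arbitrary amount of non-terminal statements" would read better as "arbitrary number of non-terminal statements".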
*queue*:: Terminate ruleset evaluation and queue the packet to userspace.
Userspace must provide a drop or accept verdict. In case of accept, processing
resumes with the next base chain hook, not the rule following the queue verdict.
-*continue*:: Continue ruleset evaluation with the next rule. This
+*continue*:: Continue evaluation with the next rule. This
is the default behaviour in case a rule issues no verdict.
*return*:: Return from the current chain and continue evaluation at the
next rule in the last chain. If issued in a base chain, it is equivalent to the
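Review bot: After this change the *continue* entry says "Continue evaluation" while the *queue* entry directly above still says "Terminate ruleset evaluation", so the verdict list now mixes two phrasings. The commit message justifies dropping "ruleset" only for *continue*; if *queue* keeps the word deliberately because it ends processing beyond the current chain, that is fine, but it is worth checking the other verdict entries in the same pass so that "ruleset evaluation" appears only where the wider scope is meant. The *return* entry already uses plain "continue evaluation", which matches the new wording.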