It is described in the documentation of nftables as:

> **continue**
> Continue ruleset evaluation with the next rule. This is the default behaviour in case a rule issues no verdict.

But I am curious as to what the use cases of `continue` might be.
One use case is, for example, in chain filters, e.g. to match multiple connection states and set actions like `established: accept`, `related: accept` and `new: continue`, where the rules for new connections are defined in the following set, for example ... Something like:
```
chain base_filter {
    counter jump drop_filter
    # one verdict per connection state; "continue" hands new
    # connections on to the rules that follow this one
    ct state vmap {
        established: accept,
        related: accept,
        new: continue,
        invalid: drop
    }
}
```
... quoted from https://wiki.gentoo.org/wiki/Nftables
It's a convenience feature that mostly keeps coherence and consistency when rules are written/read by humans (especially presets), and it can be a needed feature in some cases, when you might need to match a few states, set an action on some and continue on others.
`continue` was used in a previous rule ... It's the default verdict when a rule isn't matched, so the connection is evaluated against the next rule ... Either way it's the same for the subsequent rules, so there is nothing special about it being manually specified vs. automatic (the default on no match), AFAIK.