Nftables Base Chain Hooks
An XCCDF Value
Description
The possible hooks which can be used to configure the base chain are:
- ingress (only in netdev family since Linux kernel 4.2, and inet family since Linux kernel 5.10): sees packets immediately after they are passed up from the NIC driver, before even prerouting.
- prerouting: sees all incoming packets, before any routing decision has been made. Packets may be addressed to the local or remote systems.
- input: sees incoming packets that are addressed to and have now been routed to the local system and processes running there.
- forward: sees incoming packets that are not addressed to the local system.
- output: sees packets that originated from processes in the local machine.
- postrouting: sees all packets after routing, just before they leave the local system.
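An added example, not part of the SSG content: a shell check that reads `nft list ruleset` text and reports which required hooks have no base chain attached. The function names, the sample ruleset and the required set `input forward output` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `nft list ruleset` output (not from a real host).
SAMPLE_RULESET='table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
		iif "lo" accept
	}
	chain output {
		type filter hook output priority filter; policy accept;
	}
	chain helper {
		counter
	}
}'

# base_chain_hooks (hypothetical helper): read ruleset text on stdin and
# print one "family table chain hook" line per base chain. Regular chains
# such as "helper" have no "type ... hook ..." line and are skipped,
# because they are attached to no hook and see no packets on their own.
base_chain_hooks() {
	awk '
		$1 == "table" { family = $2; table = $3 }
		$1 == "chain" { chain = $2 }
		$1 == "type" && $3 == "hook" { print family, table, chain, $4 }
	'
}

# missing_hooks HOOK... (hypothetical helper): read ruleset text on stdin
# and print the listed hooks that no base chain is registered on.
missing_hooks() {
	present=$(base_chain_hooks | awk '{ print $4 }')
	missing=""
	for hook in "$@"; do
		printf '%s\n' "$present" | grep -qx "$hook" || missing="$missing $hook"
	done
	printf '%s\n' "${missing# }"
}

# Run against the constructed sample; the required set is an assumption.
printf '%s\n' "$SAMPLE_RULESET" | missing_hooks input forward output
```

On a live system, pipe `nft list ruleset` into `missing_hooks` instead of the sample; an empty result means every listed hook has a base chain.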
- ID: xccdf_org.ssgproject.content_value_var_nftables_base_chain_hooks
- Updated