Re: Document anonymous chain creation

On Wed, 4 Jun 2025 15:52:35 +0200
Phil Sutter <phil@xxxxxx> wrote:
>Did you try requesting a user account?
Frankly, I do not know how.

>you could add the missing documentation to nft man page and submit a
>patch
See the attachment.
diff --git a/doc/nft.txt b/doc/nft.txt
index c1bb4997..1be2fbac 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -397,7 +397,8 @@ CHAINS
 Chains are containers for rules. They exist in two kinds, base chains and
 regular chains. A base chain is an entry point for packets from the networking
 stack, a regular chain may be used as jump target and is used for better rule
-organization.
+organization. Regular chains can be anonymous, see *VERDICT STATEMENT* examples
+for details.
 
 [horizontal]
 *add*:: Add a new chain in the specified table. When a hook and priority value
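Review bot: The new sentence in the CHAINS intro says regular chains "can be anonymous" without saying what that means, so a reader has to follow the cross-reference to learn anything. Consider stating here that an anonymous chain has no name and is written inline as the target of a jump or goto statement, then pointing to the *VERDICT STATEMENT* example. The comma before "see" is also a comma splice; a semicolon or a separate sentence would read better.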
diff --git a/doc/statements.txt b/doc/statements.txt
index 74af1d1a..384fda51 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -42,6 +42,9 @@ resumes with the next base chain hook, not the rule following the queue verdict.
 
 filter input iif eth0 ip saddr 192.168.0.0/24 jump from_lan
 filter input iif eth0 drop
+
+# jump and goto statements support anonymous chain creation
+filter input iif "eth0" jump { ip saddr 192.168.0.0/24 drop ; udp dport domain drop ; }
 -------------------
 
 PAYLOAD STATEMENT
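Review bot: The added comment names both jump and goto, but the example line only demonstrates jump; either add a goto variant or reword the comment so it matches what is shown. The new line also quotes the interface as `iif "eth0"` while the two existing example lines directly above use bare `iif eth0`, so drop the quotes for consistency within the same listing. Since this example is the only place the feature is described, a short sentence in the section prose (outside the example block) explaining that the braces define a chain used only by this rule would make it discoverable without reading the examples.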
