If I first run this script:
#!/usr/sbin/nft -f
table inet filter {
    chain mychain1 {
        accept
    }
    chain mychain2 {
        # the verdict map in mychain2 holds a goto reference to mychain1
        ip daddr vmap { 1.1.1.1 : goto mychain1 }
    }
}
Then running this script fails:
#!/usr/sbin/nft -f
flush chain inet filter mychain1
flush chain inet filter mychain2
delete chain inet filter mychain1
delete chain inet filter mychain2
With the error:
Error: Could not process rule: Device or resource busy
delete chain inet filter mychain1
Is this expected?
I understand that I could just make two atomic steps: one to flush, and one to delete. But I would prefer the failure mode of one atomic step. Also, I would like to understand which limitations there are in nftables that prevent this from working.
My nftables version is 1.0.2 and my kernel version 5.15.74.
OK, I tried with nft version 1.0.6 and kernel 6.1.0-12, and it worked without issues.
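The following harness is an added example, not part of the question above. It loads the ruleset from the question, submits the flush+delete as one nft transaction (the behaviour the question wants), and, if that transaction is rejected as it is with nft 1.0.2 on kernel 5.15, falls back to the two-transaction approach the question mentions. It assumes nft is on PATH, that it runs as root, and that the table inet filter is free to create and delete, so run it on a test machine only; the script name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the original question. Reproduces the ruleset from
# the question, tries the flush+delete as ONE nft transaction, and, if the kernel
# rejects it (as with nft 1.0.2 / kernel 5.15 in the question), falls back to the
# two-transaction approach. Assumptions: nft is on PATH, you are root, and the
# table "inet filter" is free to create and delete (run on a test box only).
# Invoke as:  sh nft-atomic-delete.sh run

# The ruleset from the question: mychain2's verdict map holds a goto to mychain1.
load_ruleset() {
    nft -f - <<'EOF'
table inet filter {
    chain mychain1 {
        accept
    }
    chain mychain2 {
        ip daddr vmap { 1.1.1.1 : goto mychain1 }
    }
}
EOF
}

# The single transaction the question wants: nft -f applies the whole file
# atomically, so either every statement is committed or none is.
one_step_script() {
    cat <<'EOF'
flush chain inet filter mychain1
flush chain inet filter mychain2
delete chain inet filter mychain1
delete chain inet filter mychain2
EOF
}

# Pure-shell check on the generated transaction: number of "<verb> chain" lines.
count_statements() {   # $1 is flush or delete
    one_step_script | grep -c "^$1 chain"
}

# Submit the single transaction; the exit status is nft's (non-zero on EBUSY).
try_one_step() {
    one_step_script | nft -f -
}

# Fallback: flush in one transaction, delete in a second one. Once the first
# transaction has committed, the rule carrying the anonymous verdict map is gone,
# so the second transaction finds no remaining reference to mychain1.
do_two_step() {
    printf '%s\n' 'flush chain inet filter mychain1' 'flush chain inet filter mychain2' | nft -f - &&
    printf '%s\n' 'delete chain inet filter mychain1' 'delete chain inet filter mychain2' | nft -f -
}

main() {
    if ! command -v nft >/dev/null 2>&1 || [ "$(id -u)" -ne 0 ]; then
        echo "this harness needs nft and root" >&2
        return 2
    fi
    load_ruleset || return 1
    if try_one_step; then
        echo "single transaction accepted (newer nft/kernel behaviour)"
    else
        echo "single transaction rejected; retrying as two transactions" >&2
        do_two_step || return 1
    fi
    # Both chains must be gone afterwards, whichever path was taken.
    ! nft list chain inet filter mychain1 >/dev/null 2>&1 &&
    ! nft list chain inet filter mychain2 >/dev/null 2>&1
}

if [ "${1:-}" = "run" ]; then
    main
fi
```

Nothing touches the kernel unless the script is started with the `run` argument; the `one_step_script` and `count_statements` helpers only generate and inspect the transaction text, which makes the ordering of the statements easy to check before submitting it with `nft -f -`.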