nft:tldr:13287

This command is used to add a new chain to the nftables firewall configuration. Here's a breakdown of the different components of the command:

• sudo: This is a command used in Unix-like systems to run a command with administrative privileges.
• nft: This is the command-line interface for managing nftables, which is a framework for packet filtering and routing in Linux.
• add: This is a subcommand of nft that is used to add a new component to the firewall configuration.
• chain ${inet} ${filter} ${input}: This is the name of the chain being added. The ${inet} variable represents the internet family (IPv4 or IPv6), ${filter} represents the table to which the chain belongs, and ${input} is the name of the chain itself. For example, this could be ipv4, ipv6, inet, etc., for the internet family, and filter for the table.
• type ${filter} hook ${input} priority ${0}: This specifies the type of chain, the hook it is connected to, and its priority. The ${filter} variable is used to specify the chain type which, in this case, is the filter. ${input} is the hook where packets will enter the chain. ${0} is the priority of the chain, where 0 represents the highest priority.
• \;: This is used to separate multiple commands executed in a single line.
• policy ${accept}: This sets the policy of the chain, which determines what happens to packets that reach the end of the chain. ${accept} specifies that the packets should be accepted if they reach this chain.

Overall, this command creates a new chain named ${input} within the ${filter} table of the ${inet} internet family. It sets the chain type, hook, priority, and policy.