From 13709ef9a6bb48ae8376893dc9700469067d933b Mon Sep 17 00:00:00 2001
From: Michael Stapelberg
Date: Thu, 14 Jun 2018 08:26:52 +0200
Subject: [PATCH] add FlushRuleset

---
 nftables.go      | 12 ++++++++++++
 nftables_test.go |  4 ++++
 2 files changed, 16 insertions(+)

diff --git a/nftables.go b/nftables.go
index 276510c..7af963b 100644
--- a/nftables.go
+++ b/nftables.go
@@ -231,6 +231,18 @@ type Conn struct {
 	err error
 }
 
+// FlushRuleset flushes the entire ruleset. See also
+// https://wiki.nftables.org/wiki-nftables/index.php/Operations_at_ruleset_level
+func (cc *Conn) FlushRuleset() {
+	cc.messages = append(cc.messages, netlink.Message{
+		Header: netlink.Header{
+			Type:  netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELTABLE),
+			Flags: netlink.HeaderFlagsRequest | netlink.HeaderFlagsAcknowledge | netlink.HeaderFlagsCreate,
+		},
+		Data: extraHeader(0, 0),
+	})
+}
+
 // AddTable adds the specified Table. See also
 // https://wiki.nftables.org/wiki-nftables/index.php/Configuring_tables
 func (cc *Conn) AddTable(t *Table) *Table {
diff --git a/nftables_test.go b/nftables_test.go
index d4545b2..e7f62a6 100644
--- a/nftables_test.go
+++ b/nftables_test.go
@@ -41,6 +41,8 @@ func TestConfigureNAT(t *testing.T) {
 	want := [][]byte{
 		// batch begin
 		[]byte("\x00\x00\x0a\x00"),
+		// nft flush ruleset
+		[]byte("\x00\x00\x00\x00"),
 		// nft add table ip nat
 		[]byte("\x02\x00\x00\x00\x08\x00\x01\x00\x6e\x61\x74\x00\x08\x00\x02\x00\x00\x00\x00\x00"),
 		// nft add chain nat prerouting '{' type nat hook prerouting priority 0 \; '}'
@@ -79,6 +81,8 @@ func TestConfigureNAT(t *testing.T) {
 	},
 }
 
+	c.FlushRuleset()
+
 	nat := c.AddTable(&nftables.Table{
 		Family: nftables.TableFamilyIPv4,
 		Name:   "nat",
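Review bot: The NFT_MSG_DELTABLE request built in FlushRuleset carries netlink.HeaderFlagsCreate next to Request|Acknowledge, which looks copied from the add path; a delete has nothing to create, so `Flags: netlink.HeaderFlagsRequest | netlink.HeaderFlagsAcknowledge,` states the intent more honestly (the kernel presumably ignores the flag on delete, so this is a clarity point, not a functional one). The doc comment should also spell out the blast radius: the zero family handed to extraHeader(0, 0) presumably selects every address family, so this removes all tables, chains and rules on the host, including ones created by other programs, not just this Conn's. Suggested wording: `// FlushRuleset deletes every table, with its chains and rules, across all address families; the request is only queued in cc.messages and takes effect when the batch is sent.` The "only queued" part is visible from the append on the new side and is worth stating because callers may otherwise expect an immediate effect.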
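Review bot: The new want entry for the flush pins only the four-byte payload `\x00\x00\x00\x00`, which is what any zero-family, zero-version extra header would produce; if the comparison outside this hunk checks Data alone, a regression that changed the header Type away from NFT_MSG_DELTABLE or altered its flags would still pass. Consider asserting Header.Type (and Flags) of the flush message as well, or at least note the limitation on the entry: `// nft flush ruleset (NFT_MSG_DELTABLE, family/version 0) — only the payload is compared here`. TestConfigureNAT starts before this hunk and continues past it.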