add FlushRuleset

nftables.go

@@ -231,6 +231,18 @@ type Conn struct {
 	err      error
 }
 
+// FlushRuleset flushes the entire ruleset. See also
+// https://wiki.nftables.org/wiki-nftables/index.php/Operations_at_ruleset_level
+func (cc *Conn) FlushRuleset() {
+	cc.messages = append(cc.messages, netlink.Message{
+		Header: netlink.Header{
+			Type:  netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELTABLE),
+			Flags: netlink.HeaderFlagsRequest | netlink.HeaderFlagsAcknowledge | netlink.HeaderFlagsCreate,
+		},
+		Data: extraHeader(0, 0),
+	})
+}
+
 // AddTable adds the specified Table. See also
 // https://wiki.nftables.org/wiki-nftables/index.php/Configuring_tables
 func (cc *Conn) AddTable(t *Table) *Table {

nftables_test.go

@@ -41,6 +41,8 @@ func TestConfigureNAT(t *testing.T) {
 	want := [][]byte{
 		// batch begin
 		[]byte("\x00\x00\x0a\x00"),
+		// nft flush ruleset
+		[]byte("\x00\x00\x00\x00"),
 		// nft add table ip nat
 		[]byte("\x02\x00\x00\x00\x08\x00\x01\x00\x6e\x61\x74\x00\x08\x00\x02\x00\x00\x00\x00\x00"),
 		// nft add chain nat prerouting '{' type nat hook prerouting priority 0 \; '}'
@@ -79,6 +81,8 @@ func TestConfigureNAT(t *testing.T) {
 		},
 	}
 
+	c.FlushRuleset()
+
 	nat := c.AddTable(&nftables.Table{
 		Family: nftables.TableFamilyIPv4,
 		Name:   "nat",