From 22243d5c708ef5669f00b7674d3115afc811dd7b Mon Sep 17 00:00:00 2001
From: Maxime Demode
Date: Wed, 23 Oct 2019 14:18:45 +0200
Subject: [PATCH] [chain] Add FlushChain function.
---
 chain.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/chain.go b/chain.go
index 3bc9c16..31b1500 100644
--- a/chain.go
+++ b/chain.go
@@ -151,6 +151,22 @@ func (cc *Conn) DelChain(c *Chain) {
 })
 }
 
+// FlushChain removes all rules within the specified Chain. See also
+// https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Flushing_chain
+func (cc *Conn) FlushChain(c *Chain) {
+ data := cc.marshalAttr([]netlink.Attribute{
+ {Type: unix.NFTA_RULE_TABLE, Data: []byte(c.Table.Name + "\x00")},
+ {Type: unix.NFTA_RULE_CHAIN, Data: []byte(c.Name + "\x00")},
+ })
+ cc.messages = append(cc.messages, netlink.Message{
+ Header: netlink.Header{
+ Type: netlink.HeaderType((unix.NFNL_SUBSYS_NFTABLES << 8) | unix.NFT_MSG_DELRULE),
+ Flags: netlink.Request | netlink.Acknowledge,
+ },
+ Data: append(extraHeader(uint8(c.Table.Family), 0), data...),
+ })
+}
+
 // ListChains returns currently configured chains in the kernel
 func (cc *Conn) ListChains() ([]*Chain, error) {
 conn, err := cc.dialNetlink()
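Review bot: FlushChain dereferences `c.Table` twice (the NFTA_RULE_TABLE attribute and the `extraHeader(uint8(c.Table.Family), 0)` call) with no nil check, so a zero-value or partially built Chain panics inside the connection instead of surfacing an error, and since the signature returns nothing the requirement should at least be stated in the doc comment, e.g. `// c.Table must be non-nil; FlushChain panics otherwise.` The comment should also say that, like the neighbouring DelChain, this only appends an NFT_MSG_DELRULE message to cc.messages and nothing reaches the kernel until the connection's batch is flushed (presumably cc.Flush(), which is outside this hunk), so callers cannot rely on the rules being gone when FlushChain returns. Worth spelling out as well that flushing deletes every rule but leaves the chain and its base policy in place, so on a base chain whose policy is accept the host is unfiltered from the moment the batch is committed until replacement rules are added, which argues for queuing the replacement rules in the same batch.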