From a46119e5928d17563cee3bf3a5fba8dc9f79ab41 Mon Sep 17 00:00:00 2001
From: turekt <32360115+turekt@users.noreply.github.com>
Date: Sat, 29 Jan 2022 18:26:06 +0000
Subject: [PATCH] Support for rule position 0 (#143)

Added uint32 Flags to Rule struct to support rules set with position 0 fixes https://github.com/google/nftables/issues/126
---
 rule.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/rule.go b/rule.go
index ec4ce1f..64f3115 100644
--- a/rule.go
+++ b/rule.go
@@ -42,6 +42,11 @@ type Rule struct {
 Chain *Chain
 Position uint64
 Handle uint64
+ // The list of possible flags are specified by nftnl_rule_attr, see
+ // https://git.netfilter.org/libnftnl/tree/include/libnftnl/rule.h#n21
+ // Current nftables go implementation supports only
+ // NFTNL_RULE_POSITION flag for setting rule at position 0
+ Flags uint32
 Exprs []expr.Any
 UserData []byte
 }
@@ -136,7 +141,7 @@ func (cc *Conn) newRule(r *Rule, op ruleOperation) *Rule {
 flags = netlink.Request | netlink.Acknowledge | netlink.Replace | unix.NLM_F_ECHO | unix.NLM_F_REPLACE
 }
- if r.Position != 0 {
+ if r.Position != 0 || (r.Flags&(1<
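Review bot: The doc comment on the new `Flags` field in the `Rule` struct hunk does not say how the value is encoded. The condition in the second hunk (`r.Flags&(1<`, cut off in this view) suggests a bitmask of `1 << attr`, not the raw nftnl_rule_attr enum value. A caller who assigns the enum value directly would presumably get no error and no position attribute, so a rule in a packet-filtering chain could be placed somewhere other than intended, with nothing to show that the request was not honoured. I would state the encoding in the comment, e.g. `// Flags is a bitmask of 1<<attr for attr in nftnl_rule_attr; only the NFTNL_RULE_POSITION bit is acted on.`, and consider exporting a named constant for that bit so callers do not compute it by hand. While editing the comment, "The list of possible flags are specified" should read "is specified".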