Policy info is missing in iptables output

[Shellcat-Zero]

Normal output of iptables -xnvL will show lines like:

Chain FORWARD (policy DROP 1110 packets, 141866 bytes)
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

that indicates the current policy and associated packet/byte counts processed by the policy. This output appears to be missing from a command like iptables -xnvL | jc --iptables. Please advise.

Thanks!

[kellyjonbrazil]

Hi there - I can add these fields. I'm assuming these are the totals since the table was initialized? I notice the numbers don't always match up to the underlying rules in the output so wasn't sure how they worked.

[Shellcat-Zero]

From what I have observed the packets/bytes count corresponds to whatever makes it all the way to the end of the chain where the policy finally acts on the packets. The 'default policy' is whatever happens when packets make it to the end of the chain. I had set up logs at the end of my chains, which would always catch packets prior to the policy, and their packet/byte counts correspond to the policy numbers as shown in my example above, confirming to me that those numbers correspond to packets/bytes being handled specifically by the default policy.