Le 10/12/2020 à 12:48, Eyal Birger a écrit : > Hi Nicolas, Hi Eyal, > > On Thu, Dec 10, 2020 at 1:10 PM Nicolas Dichtel > <nicolas.dichtel@xxxxxxxxx> wrote: [snip] > I also think they should be consistent. But it'd still be confusing to me > to get an OUTPUT hook on the inner packet in the forwarding case. I re-read the whole thread and I agree with you. There is no reason to pass the inner packet through the OUTPUT hook (my comment about the consistency with ip tunnels is still valid ;-)). Sorry for the confusion. Phil, with nftables, you can match the 'kind' of the interface, that should be enough to match packets, isn't it? Regards, Nicolas
