On Thu, Feb 14, 2019 at 11:58:23AM +0100, Miriam Rico wrote: > Hi, > > Thank you so much. I was trying to use iif instead of iifname so nft > gives me the error that eth* interface does not exist. So I assume > that using iif and/or oif, the interface must exists but not if using > iifname and/or oifname. Yes. iifname should be used for dynamic interfaces, as well as for this sort of wildcard string matching. iif/oif is faster since it uses the interface index, so it's an integer comparison rather than string, but it doesn't work for all scenarios as you describe above.
