Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > new chain C
> > meta oifname bla added to C
> > jump added from output to C
> > jump added from input to C # should this fail? why?
> >
> > new chain C
> > jump added from input to C
> > meta oifname added to C # same q: why should this fail?
>
> There's tracking infrastructure for this already in place, right? It's
> just a matter to check for this from nft_meta_get_validate().

But what semantics would you add?
It seems it would 100% break existing rulesets.

new chain C
jump added from output to C
meta oifname added to C # allowed? jump from output exists
jump added from input to C # disallow this? Why?
..
delete jump from output # disallow?

This seems rather suicidal to me.