On Tue, Aug 27, 2019 at 02:34:14PM -0300, Leonardo Bras wrote: > On Tue, 2019-08-27 at 12:35 +0200, Pablo Neira Ayuso wrote: [...] > > NFT_BREAK instead to stop evaluating this rule, this results in a > > mismatch, so you let the user decide what to do with packets that do > > not match your policy. > > Ok, I will replace for v3. Thanks. > > The drop case at the bottom of the fib eval function never actually > > never happens. > > Which one do you mean? Line 31 of net/netfilter/nft_fib_inet.c.
