Both queue and fwd statement end evaluation of a rule: in ... fwd to "eth0" accept ... queue accept "accept" is redundant and never evaluated in the kernel. Add the missing "TERMINAL" flag so the evaluation step will catch any trailing expressions: nft add rule filter input queue counter Error: Statement after terminal statement has no effect Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- src/evaluate.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/evaluate.c b/src/evaluate.c index b8bcf4866d8d..29fe966008b1 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2963,6 +2963,7 @@ static int stmt_evaluate_fwd(struct eval_ctx *ctx, struct stmt *stmt) default: return stmt_error(ctx, stmt, "unsupported family"); } + stmt->flags |= STMT_F_TERMINAL; return 0; } @@ -2982,6 +2983,7 @@ static int stmt_evaluate_queue(struct eval_ctx *ctx, struct stmt *stmt) "fanout requires a range to be " "specified"); } + stmt->flags |= STMT_F_TERMINAL; return 0; } -- 2.21.0
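Review bot: The added `stmt->flags |= STMT_F_TERMINAL;` at the end of stmt_evaluate_fwd() comes without a test, and the commit message demonstrates the resulting error only for queue. Consider adding a test case showing that a rule such as `... fwd to "eth0" accept` is rejected with "Statement after terminal statement has no effect", so that the fwd path is covered too.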
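Review bot: Setting STMT_F_TERMINAL just before `return 0;` in stmt_evaluate_queue() turns a rule of the form `... queue accept` into a hard error at evaluation time, although the commit message describes the trailing statement as merely redundant. Rulesets that carry such a trailing statement would stop loading once this is applied. The commit message should state that behaviour change explicitly, so users who hit the new error can see that the fix is to drop the statement after queue or fwd.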