On Tue, Nov 12, 2019 at 05:14:37PM +0100, Phil Sutter wrote: > Instead of generally passing NULL to NF_HOOK_COND() for input device, > pass skb->dev which contains input device for routed skbs. > > Note that iptables (both legacy and nft) reject rules with input > interface match from being added to POSTROUTING chains, but nftables > allows this. Applied, thanks.
