Hi Marti, On Fri, Jan 10, 2020 at 05:34:12PM +0100, Martin Willi wrote: > Pablo, > > > This patchset introduces a new Netfilter match extension to match > > input interfaces that are associated to a layer 3 master device. The > > first patch adds the new match to the kernel, the other provides an > > extension to userspace iptables to make use of the new match. > > These patches have been marked as superseded in patchworks, likely due > to Florian's nftables version that has been merged. > > While I very much appreciate the addition of VRF interface matching to > nftables, some users still depend on plain iptables for filtering. So I > guess there is some value in these patches for those users to extend > their filtering with VRF support. A single xt_slavedev module only for this is too much overhead, if you find an existing extension (via revision infrastructure) where you can make this fit in, I would consider this. Thanks.
