On 2020-10-13 13:38, Pablo Neira Ayuso wrote:
> Add support for inet ingress chains.
>
> table inet filter {
> chain ingress {
> type filter hook ingress device "veth0" priority filter; policy accept;
> }
> chain input {
> type filter hook input priority filter; policy accept;
> }
> chain forward {
> type filter hook forward priority filter; policy accept;
> }
> }
This sound interesting, thanks.
I could see some questions coming from users:
* where are the docs on which packet/traffic sees this nft family vs netdev?
* what are the added benefit of this nft family vs netdev?
* is the netdev family somehow deprecated?
regards.
