On Thu, Apr 28, 2022 at 09:39:21AM +0200, Florian Westphal wrote: > Check if the incoming interface is available and NFT_BREAK > in case neither skb->sk nor input device are set. > > Because nf_sk_lookup_slow*() assume packet headers are in the > 'in' direction, use in postrouting is not going to yield a meaningful > result. Same is true for the forward chain, so restrict the use > to prerouting, input and output. > > Use in output work if a socket is already attached to the skb. Applied to nf.git, thanks
