Florian Westphal <fw@xxxxxxxxx> wrote:
> The br_netfilter_broute flag is required, but I don't like a new chain
> type for this, nor keeping the drop/accept override.
>
> I'd add a new "broute" expression that sets the flag in the skb cb
> and sets NF_ACCEPT, useable in bridge family -- I think that this would
> be much more readable.

Or, even simpler, extend nft_meta_bridge.c and extend nft userspace to
support:

nft ... meta broute set 1 accept

We also support nftrace this way, so there is precedence for it.