Hi Ignat, On Fri, Feb 09, 2024 at 12:19:54PM +0000, Ignat Korchagin wrote: > diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c > index 1f9474fefe84..beea8c447e7a 100644 > --- a/net/netfilter/nft_compat.c > +++ b/net/netfilter/nft_compat.c > @@ -359,6 +359,7 @@ static int nft_target_validate(const struct nft_ctx *ctx, > > if (ctx->family != NFPROTO_IPV4 && > ctx->family != NFPROTO_IPV6 && > + ctx->family != NFPROTO_INET && Please send a v2 restricting this to hooks prerouting, input, forward, output and postrouting which are the classic hooks, so ingress is not allowed, both for matches and targets. Thanks