nftables & special case traffic

Hi,

I'm still new to nftables and couldn't find some answers in the
current docs regarding some special cases.

Where do packets go that are neither IPv4 nor IPv6? (Which tables/hooks)

How does bridge filtering work exactly, I mean what's the packet flow?
If an IPv4 packet comes in from a bridge interface, and also leaves
through another port of the same bridge, will I see that packet in the
IPv4/6 table's forward chain? What if the packet comes in from a
bridge, and is delivered locally or leaves through another interface?
(There was a kernel option for iptables called
CONFIG_BRIDGE_NETFILTER, it was clear to me and it made bridging
something that I never cared about before, because I simply saw all
bridge traffic in the forward chain.)

I also see some inconsistencies. The wiki mentions that the table
types refer to layer 3 protocols, but bridging is layer 2 I think. The
wiki also mentions that there is an ARP table type, and I'd love to
see a sample of that in the source code (files/nftables/ directory
already contains bridge, inet, ip and ip6 samples). I do appreciate
the flexibility of nftables, but mixing all this L2/L3 stuff is a bit
confusing, sorry for my stupid questions.

Please CC me, I'm not on the list.

Thanks, Jozsef