On Tue, 4 Jul 2017 22:53:11 +0200 Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote: > Le 04/07/2017 à 03:14, Robert White a écrit : > > > > I've honestly go no clue why you cant use --in-interface in a > > POSTROUTING chain. > > Because the POSTROUTING chains also see packets that are generated > locally and have no input interface. Logically, (for example) locally generated packets (that have no input interface) and packets from eth1 should equally fail to match "--in-interface eth2". In other words, a packet that has no source interface should never match any '--in-interface X' option because it clearly did not, and could not have, come in from interface X. Of course, the implementation may present different conditions and limitations. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
