ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
> For the use of |meter| I would like to concatenate ifaces, to
> distinguish between wan and lan. For sets there does not seem a suitable
> string (e.g. |iface_name|) available though and |ether_addr| can be
> spoofed, however likely it might be for someone/a.i. to match the wan's nic.

iifname can be used in sets starting with version 0.8.3.

You can use 'iif' instead to check by interface index number, which will
be fine if the interfaces are not dynamic (like ppp for instance).

> Thus I was trying |meta iifname ne { lo, br* }| but that throws an error.

Yes, '*' won't work in any version of nft yet; use of a set (which is what
{ } notation is) requires that nft can find the input in the set.

> Is iface concatenation not supported? The only solution would appear to
> write line for each iface but |meta iifname ne br*| is throwing this
> "Error: Could not process rule: Device or resource busy".

That's strange, this works fine for me even when I downgrade to 0.8.2.
It's expected to work.
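
The three matching forms discussed in this exchange, side by side, as an added example that is not part of the original message or of the nftables project. The table, chain and meter names, the interfaces br0 and br1, and the port and rate are assumptions chosen for illustration.

```nft
# Constructed ruleset: all names below are illustrative assumptions.
table ip example {
    chain input {
        type filter hook input priority 0; policy accept;

        # Wildcard match outside a set: a trailing * matches on the name prefix.
        iifname != "br*" counter

        # Inside a set the names are listed exactly; per the reply, '*' is not
        # accepted here, so each bridge is spelled out.
        iifname != { "lo", "br0", "br1" } counter

        # iif compares the interface index, resolved when the rule is loaded.
        # Suitable only for interfaces that are not created dynamically
        # (the reply names ppp as a case where this does not hold).
        iif != lo counter

        # Meter keyed on a concatenation of interface name and source address
        # (iifname in sets needs nft 0.8.3 or later, per the reply). The same
        # source is tracked separately on each ingress interface.
        tcp dport 22 ct state new meter ssh_rate { iifname . ip saddr limit rate over 10/minute } drop
    }
}
```

Running `nft -c -f` on the file checks that the installed nft version parses it without loading it into the kernel.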