I have a VoIP server sometimes connected to my nftables box. I use a
flowtable to handle the UDP VoIP packets:

    table ip filter {
        flowtable f {
            hook ingress priority 0;
            devices = { external, internal };
        }
        .........
        chain FORWARD {
            ...........
            udp dport { iax, 10000-65000 } flow offload @f
            ..........

which works extremely well.

But sometimes the VoIP server is not connected and the "internal"
interface does not exist (it's a USB adapter). When that happens
nftables fails to start, completely, leaving the third interface, "LAN",
unable to access the internet since there's no masquerade.

Is there a way to set up the filter table so that failure of the
flowtable and the rule using the flowtable doesn't cause the whole ruleset to
fail?

sean
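
One way to keep the base rules loading when "internal" is absent, shown as an added example that is not part of the original post: load everything except the flowtable first, then add the flowtable and its rule in a second nft transaction only if both interfaces exist. The path base.nft, the variable names and the choice to insert the rule at the head of FORWARD are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: the hypothetical file base.nft holds everything except the
# flowtable and the offload rule (chains, masquerade, ...), so it loads
# whether or not the USB adapter is plugged in.
NFT="${NFT:-nft}"
BASE_RULES="${BASE_RULES:-/etc/nftables/base.nft}"   # hypothetical path
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
OFFLOAD_DEVS="external internal"                     # names from the post

# Succeeds only if every named interface currently exists.
all_ifaces_present() {
    for dev in "$@"; do
        [ -e "$SYSFS_NET/$dev" ] || return 1
    done
    return 0
}

# The optional part: flowtable plus the rule that references it.
# "insert" puts the rule at the head of FORWARD (an assumption about ordering).
offload_rules() {
    devs=$(echo $OFFLOAD_DEVS | sed 's/ /, /g')
    cat <<EOF
add flowtable ip filter f { hook ingress priority 0; devices = { $devs }; }
insert rule ip filter FORWARD udp dport { iax, 10000-65000 } flow offload @f
EOF
}

# Load the base rules, then the offload rules as a second transaction.
# Prints the resulting offload state; fails only if the base rules fail.
load_ruleset() {
    "$NFT" -f "$BASE_RULES" || return 1
    if ! all_ifaces_present $OFFLOAD_DEVS; then
        echo "offload skipped"
    elif offload_rules | "$NFT" -f -; then
        echo "offload enabled"
    else
        echo "offload failed"
    fi
}

# Run as "script apply" to load the rules; sourcing it only defines functions.
if [ "${1:-}" = "apply" ]; then
    load_ruleset
fi
```

Because the masquerade rules are committed in the first transaction, a missing adapter or a rejected flowtable costs only the offload, not LAN connectivity.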