On 21/03/2020 09:53, ѽ҉ᶬḳ℠ wrote:
With some (soft) NETDEV being available only after NFT been invoked at
boot time, e.g. bridge or pppoe, NFT would fail to load at boot time
if such NETDEV being stipulated, e.g.
flowtable f { hook ingress priority 0; devices = { pppoe-wan, lan0,
lan1, lan2, lan3, lan4, br-lan }; }
Is there a syntax that would allow to add/alter such dynamic dev to an
initial stanza, e.g.
flowtable f { hook ingress priority 0; devices = { lan0, lan1, lan2,
lan3, lan4 }; }
and then adding pppoe-* and/or br-* to it? Or is there any other good
practice, e.g. are dynamic sets are working with flowtable device =?
Other NETDEV that may not be available at the NFT start during boot
time, or that are dynamically enabled/disabled, are WLan and VPN (tap,
tun, wg). Whilst this can be worked around with hotplug scripts it does
not help with altering the > devices = { } < portion in a dynamic fashion.
The replace command does not seem suitable as it requires the query for
the rule handle.
Thus the question whether dynamic sets are suitable/working for the >
devices = { } < portion?
