On Thu, Nov 05, 2020 at 01:41:53PM -0500, Martin Gignac wrote: > > However, this would only insert the flow table statements on server > > bootup. Since '/etc/nftables/firewall.nft' ttself *wouldn't* contain > > the flow tables statements, any 'systemctl reload nftables' or 'nft -f > > /etc/nftables/firewall.nft' action (to apply a rule change, for > > example) would essentially get rid of the flow tables mechanism from > > the running system, wouldn't it? > > I guess there's no "equivalent" of iifname/oifname for flow table > devices where you could refer to a device that does not (yet) exist? You can dynamically add/delete devices to/from flowtables since Linux kernel 5.8
