Thanks for the quickly reply. Maybe I missed something, but it seems both nexthop and fib can only filter packets that go out of a certain interface, but not ones that have wan IP as the destination? > On Apr 28, 2023, at 3:22 PM, seentr@xxxxxxxxxxxx wrote: > > Have you tried this: https://wiki.nftables.org/wiki-nftables/index.php/Matching_routing_information ? > > 2023-04-28T03:59:07Z Glen Huang <heyhgl@xxxxxxxxx>: > >> Hi, >> >> I use tproxy to redirect all traffic from the lan interface, but I want to exemplify traffic whose destination IP belongs to the wan interface. I wonder if it’s possible to specify if ip daddr matches the wan interface IP in the prerouting chain? >> >> The only solution I can think of right now, is to create a set, and manually update the set with wan IPs (also whenever they change), which is very cumbersome. >> >> I wonder if there is a direct way to that in nft? >> >> I use nft1.0.7 with kernel 5.15.108
