On Mon, 26 Jun 2023 08:51:02 +0800 Michael Deegan <michael@xxxxxxxxxxxx> wrote: > > To decipher the parts of the match expression, this might help (scan for "transport header"). > > > > https://wiki.nftables.org/wiki-nftables/index.php/Matching_packet_headers > > Ta, I'll (re)read this in the hope of getting better understanding of the > grammar, which I'll need to do if I'm to work out why changing my table from > "ip" to "inet" at the top of my ruleset breaks everything even though the > ruleset loads fine. 😅 Note that "ip protocol" constitutes an IPv4 header expression. It can be replaced with "meta l4proto", in which case the rule(s) will apply for both IPv4 and IPv6. -- Kerin Millar
