Hello netfilter community,
How do you deal with iif used in a persistent ruleset? Personally, my
issue is that the VLAN device is not created at the moment when
nftables.service is started on boot, thus the following error happens:
Error: Interface does not exist
To solve this issue I use this systemd service override configuration:
# /etc/systemd/system/nftables.service.d/override.conf
# Configuring the nftables to start after the network has been started
[Unit]
Before=
After=network-online.target
But are there any alternative approaches to this issue?
I know that there is iifname as a safe alternative, but as far as I know
it has a huge performance drawback and thus its usage is discouraged in
my case.