I think, dependencies is the proper way. iif is just an integer (index),
so kernel can't work with it when it's not present (and you usually
can't predict the index of the given interface).
iffname does lookup, but it's slow.
On 03/07/2023 10:40, Serg wrote:
Hello netfilter community,
How do you deal with iif used at persistent ruleset? Personally, my
issue is that VLAN device is not created at the moment when
nftables.service is started on boot, thus the following error happens:
Error: Interface does not exist
To solve this issue I use this systemd service override configuration:
# /etc/systemd/system/nftables.service.d/override.conf
# Configuring the nftables to start after the network has been started
[Unit]
Before=
After=network-online.target
But are there any alternatives approaches to this issue?
I know that there is iifname as a safe alternative, but as far as I
know it has huge performance drawback and thus its' usage is
discouraged in my case.
