Hi,
I am trying to do this:
# dynamic list, updated through a bash script:
define $nics = { "nic1", "nic5", ... }
# ...
chain foo {
type filter hook ingress devices = $nics priority -500
# ...
}
The problems I am facing:
1. It seems the perfect solution I was hoping for is not possible:
devices = "nic*"
2. If there is only one device (e.g. "nic7"), the syntax requires:
device "nic7" # not 'devices' and no '='
Trying something like devices = "nic7" results in a segmentation fault.
3. Adding/removing a separate chain for each nic dynamically seems to
me less efficient, i.e. I am trying to avoid it if possible.
What is the right way to do this?
