From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Martin Gignac <martin.gignac@gmail.com>
Cc: Florian Westphal <fw@strlen.de>, netfilter@vger.kernel.org
Subject: Re: Trying to provision flowtable returns error
Date: Thu, 5 Nov 2020 22:01:46 +0100 [thread overview]
Message-ID: <20201105210146.GA10732@salvia> (raw)
In-Reply-To: <CANf9dFPaiLP-fJVHtKxG2aFO-Q18rEnNgwN4Yoqut4je5wZaig@mail.gmail.com>
On Thu, Nov 05, 2020 at 01:41:53PM -0500, Martin Gignac wrote:
> > However, this would only insert the flow table statements on server
> > bootup. Since '/etc/nftables/firewall.nft' ttself *wouldn't* contain
> > the flow tables statements, any 'systemctl reload nftables' or 'nft -f
> > /etc/nftables/firewall.nft' action (to apply a rule change, for
> > example) would essentially get rid of the flow tables mechanism from
> > the running system, wouldn't it?
>
> I guess there's no "equivalent" of iifname/oifname for flow table
> devices where you could refer to a device that does not (yet) exist?
You can dynamically add/delete devices to/from flowtables since Linux
kernel 5.8
next prev parent reply other threads:[~2020-11-05 21:01 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-16 10:37 nftables iifname and currently unknown interfaces Robert Sander
2020-10-16 10:54 ` Pablo Neira Ayuso
2020-10-16 10:56 ` Florian Westphal
2020-10-16 11:10 ` Robert Sander
2020-10-28 22:25 ` Pablo Neira Ayuso
2020-11-04 5:30 ` Trying to provision flowtable returns error Martin Gignac
2020-11-05 0:53 ` Duncan Roe
2020-11-05 15:17 ` Martin Gignac
2020-11-05 15:38 ` Florian Westphal
2020-11-05 16:20 ` Martin Gignac
2020-11-05 17:07 ` Florian Westphal
2020-11-05 18:21 ` Martin Gignac
2020-11-05 18:41 ` Martin Gignac
2020-11-05 21:01 ` Pablo Neira Ayuso [this message]
2020-11-05 21:45 ` Martin Gignac
2020-11-06 10:58 ` Pablo Neira Ayuso
2020-11-06 15:13 ` Martin Gignac
2020-11-06 15:24 ` Martin Gignac
2020-11-06 16:21 ` Pablo Neira Ayuso
2020-11-06 19:20 ` Martin Gignac
2020-11-10 15:04 ` Gordon Fisher
2020-11-06 17:18 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201105210146.GA10732@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=martin.gignac@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.