On Thu, 2024-01-18 at 14:16 +0100, Ralph Aichinger wrote:
> On Thu, 2024-01-18 at 12:51 +0000, Tixy wrote:
> >
> > I have the same options in the forward chain except that I haven't
> > qualified them with an interface name. Didn't occur to me that I
> > would need to do that as there are only two networks my LAN and 'the
> > internet'.
>
> You probably don't need to, I just copied the example from the nftables
> wiki. For my setup it might in theory make a difference because maybe
> it could interfere with the use of jumbo frames on my lan,

I'm not a network expert, but surely machines on your LAN are sending
packets direct to each other, not using this machine as a gateway? Isn't
that what the sub-net mask is about? Identifying IP addresses that are
directly accessible and for any other addresses packets are sent to the
'gateway'.

> but as the
> machine in question is a lowly Raspberry Pi 4, it is a rather
> theoretical aspect.

Not as lowly as my SheevaPlug ;-) Though to be fair, the SoC's inbuilt
ethernet and SATA devices do make it good for the use-cases it was
designed for, e.g. a NAS, or router.

--
Tixy