Hi, I would like to know if somebody has already made some tests with nftables recently?
Mainly, it is not possible to use physdev direction, like:

    -A PVEFW-FWBR-OUT -m physdev --physdev-in tap160i1 --physdev-is-bridged -j tap160i1-OUT

I wonder if a simple vmap like this could work?

https://wiki.nftables.org/wiki-nftables/index.php/Classic_perimetral_firewall_example

    chain forward {
        type filter hook forward priority 0; policy drop;
        jump global
        oifname vmap { $nic_dmz : jump dmz_in , $nic_lan : jump lan_in }
        oifname $nic_inet iifname vmap { $nic_dmz : jump dmz_out , $nic_lan : jump lan_out }
    }

_______________________________________________
pve-devel mailing list
[email protected]
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
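
An added example (not part of the original post and not Proxmox code): a small Python helper that rewrites per-port physdev dispatch rules like the one quoted above into a bridge-family nftables vmap, where iifname/oifname match the bridge port. The table name pvefw_demo, the accept policy, the empty per-port chains and every sample rule except the first are assumptions constructed for illustration.

```python
import re
import shlex

# Constructed sample in iptables-save syntax; only the first rule is from the post.
SAMPLE_RULES = """\
-A PVEFW-FWBR-OUT -m physdev --physdev-in tap160i1 --physdev-is-bridged -j tap160i1-OUT
-A PVEFW-FWBR-OUT -m physdev --physdev-in tap161i0 --physdev-is-bridged -j tap161i0-OUT
-A PVEFW-FWBR-IN -m physdev --physdev-out tap160i1 --physdev-is-bridged -j tap160i1-IN
-A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP
"""

IFNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")   # IFNAMSIZ minus the NUL byte
CHAIN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*$")


def parse_physdev_rules(text):
    """Return {"iifname": {port: chain}, "oifname": {port: chain}}."""
    maps = {"iifname": {}, "oifname": {}}
    for line in text.splitlines():
        tok = shlex.split(line)
        if "physdev" not in tok or "--physdev-is-bridged" not in tok or "-j" not in tok:
            continue  # not a per-port dispatch rule, leave it for manual migration
        target = tok[tok.index("-j") + 1]
        for flag, key in (("--physdev-in", "iifname"), ("--physdev-out", "oifname")):
            if flag in tok:
                port = tok[tok.index(flag) + 1]
                # Refuse names that could inject syntax into the generated ruleset.
                if not IFNAME_RE.match(port) or not CHAIN_RE.match(target):
                    raise ValueError(f"unsafe name in rule: {line!r}")
                maps[key][port] = target
    return maps


def render_nft(maps, table="pvefw_demo"):
    """Emit a bridge-family forward chain that dispatches per port with vmap."""
    out = [f"table bridge {table} {{"]
    for chain in sorted({c for m in maps.values() for c in m.values()}):
        out += [f"    chain {chain} {{", "    }"]  # per-VM rules would go here
    out += ["    chain forward {",
            "        type filter hook forward priority 0; policy accept;"]
    for key in ("iifname", "oifname"):
        if maps[key]:
            body = ", ".join(f'"{p}" : jump {c}' for p, c in sorted(maps[key].items()))
            out.append(f"        {key} vmap {{ {body} }}")
    out += ["    }", "}"]
    return "\n".join(out)


if __name__ == "__main__":
    print(render_nft(parse_physdev_rules(SAMPLE_RULES)))
```

The generated text can be syntax-checked without loading it using `nft -c -f <file>`.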
