At 2016-11-24 22:48:59, "Florian Westphal" <f...@strlen.de> wrote:
>Liping Zhang <zlpnob...@163.com> wrote:
[...]
>"1" should only appear if looked-up address is configured on this machine.
>For saddr, I don't think it's a good idea, because it will pass
>
>oif ne 0 accept

Yes, my patch will break this.

>
>For ACCEPT_LOCAL I think it's easier to combine this with the addrtype
>check or just add explicit accept rules that make it bypass nft_fib
>rule.

Yes, combining this with addrtype will be easier. My first thought was that we can also use "fib saddr oif eq 1" to simulate the ACCEPT_LOCAL, but I'm wrong, it will become more complicated.

>
>What do you think?
>
>I agree that for your prerouting daddr example 0 makes no sense and 1
>would indeed be a better option.
>