git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 4 Jun 2015 18:58:59 +0000 (20:58 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 16 Jun 2015 16:22:43 +0000 (18:22 +0200)
commit	6c43069e5f2a55d769ec6d362bc863af906591d0
tree	24a979dfd7b04c5b57d2c02ffd996343325fdb60	tree
parent	1e743925a597055c82200540a7c8c3e2ec506878	commit \| diff

src: add netdev family support

This patch adds support for the new 'netdev' table. So far, this table allows
you to create filter chains from ingress.

The following example shows a very simple base configuration with one table that
contains a basechain that is attached to the 'eth0':

# nft list table netdev filter
table netdev filter {
        chain eth0-ingress {
                type filter hook ingress device eth0 priority 0; policy accept;
        }
}

You can test that this works by adding a simple rule with counters:

# nft add rule netdev filter eth0-ingress counter

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

doc/nft.xml		diff \| blob \| blame \| history
include/linux/netfilter.h		diff \| blob \| blame \| history
include/rule.h		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/netlink.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/payload.c		diff \| blob \| blame \| history
src/proto.c		diff \| blob \| blame \| history
src/rule.c		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history