doc: document add chain device parameter

nft add chain lacked documentation of its optional device parameter,
specifically what values the parameter accepted, what it did and
when to use it.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1093
Suggested-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Brennan Paciorek <bpaciore@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/nft.txt b/doc/nft.txt
index fe123d04f9b95537599f2ee04528ecc48b5a68ad..7e47ca39aa93acf53812496e999c4cba0b06d8d8 100644 (file)
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -434,6 +434,11 @@ further quirks worth noticing:
   *prerouting*, *input*, *forward*, *output*, *postrouting* and this *ingress*
   hook.
 
+The *device* parameter accepts a network interface name as a string, and is
+required when adding a base chain that filters traffic on the ingress or
+egress hooks. Any ingress or egress chains will only filter traffic from the
+interface specified in the *device* parameter.
+
 The *priority* parameter accepts a signed integer value or a standard priority
 name which specifies the order in which chains with the same *hook* value are
 traversed. The ordering is ascending, i.e. lower priority values have precedence