From: Brennan Paciorek <bpaciore@redhat.com>
Date: Wed, 2 Aug 2023 18:29:47 +0000 (-0400)
Subject: doc: document add chain device parameter
X-Git-Tag: v1.0.9~214
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aef2a35f67160fd4447f2a7585baf379866eefb2;p=thirdparty%2Fnftables.git

doc: document add chain device parameter

nft add chain lacked documentation of its optional device parameter,
specifically what values the parameter accepted, what it did and
when to use it.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1093
Suggested-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Brennan Paciorek <bpaciore@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/doc/nft.txt b/doc/nft.txt
index fe123d04..7e47ca39 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -434,6 +434,11 @@ further quirks worth noticing:
   *prerouting*, *input*, *forward*, *output*, *postrouting* and this *ingress*
   hook.
 
+The *device* parameter accepts a network interface name as a string, and is
+required when adding a base chain that filters traffic on the ingress or
+egress hooks. Any ingress or egress chains will only filter traffic from the
+interface specified in the *device* parameter.
+
 The *priority* parameter accepts a signed integer value or a standard priority
 name which specifies the order in which chains with the same *hook* value are
 traversed. The ordering is ascending, i.e. lower priority values have precedence