Fix nftables / device rename race on boot
On some boots nftables would start before udev had renamed the wan0
device, causing the service to fail to start.

Using 'oifname' instead of 'oif' allows the creation of nftables rules
for devices that don't exist.
chr0mag committed Nov 18, 2024
1 parent e41fe60 commit 956210b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions etc/nftables.conf
Expand Up @@ -5,7 +5,7 @@ table ip filter {
chain forward {
type filter hook forward priority 0; policy drop;
ct state established,related counter accept
iifname "br0" oif "wan0" counter accept
iifname "br0" oifname "wan0" counter accept
}

chain output {
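
Review bot: in the forward chain, the switch to `oifname "wan0"` carries no comment in etc/nftables.conf explaining why a name match is used, so a later cleanup could change it back to `oif` and reintroduce the boot race. Suggest a one-line comment above the rule noting that `oif` resolves the interface index when the ruleset is loaded and so needs wan0 to exist, while `oifname` compares the name for each packet. With `policy drop` on this chain, the rule simply does not match until wan0 appears and forwarding fails closed, and the match is now consistent with the existing `iifname "br0"`.
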
Expand Down Expand Up @@ -40,6 +40,6 @@ table ip nat {

chain postrouting {
type nat hook postrouting priority 100; policy accept;
oif "wan0" counter masquerade
oifname "wan0" counter masquerade
}
}
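
Review bot: on the masquerade rule in postrouting, the failure mode changes from loud to silent. If udev never renames the device to wan0, nftables now starts cleanly and `oifname "wan0" counter masquerade` never matches, and this chain is `policy accept`, so nothing flags the problem. Consider a post-boot check that wan0 exists (or watching this rule's counter), or ordering the service after the device rename, so a missing rename gets noticed.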
