Fix nftables / device rename race on boot
On some boots nftables would start before udev had renamed the wan0
device, causing the service to fail to start.

Using 'oifname' instead of 'oif' allows the creation of nftables rules
for devices that don't exist.
Julian Phillips committed Sep 27, 2021
1 parent c39a7cb commit 07e04db
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions etc/nftables.conf
Expand Up @@ -5,7 +5,7 @@ table ip filter {
chain forward {
type filter hook forward priority 0; policy drop;
ct state established,related counter accept
iifname "br0" oif "wan0" counter accept
iifname "br0" oifname "wan0" counter accept
}

chain output {
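Review bot: the forward rule that now reads `iifname "br0" oifname "wan0" counter accept` should carry a short comment in etc/nftables.conf saying why the name match is used. `oif` resolves the interface to an index when the ruleset is loaded, which is why it needs the device to exist, while `oifname` compares the name string for each packet; without a note, a later cleanup could switch back to `oif` and bring the boot failure back. The behaviour while wan0 has not yet been renamed looks acceptable here, since the chain is `policy drop` and only the `ct state established,related` rule would accept anything in that window.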
Expand Down Expand Up @@ -40,6 +40,6 @@ table ip nat {

chain postrouting {
type nat hook postrouting priority 100; policy accept;
oif "wan0" counter masquerade
oifname "wan0" counter masquerade
}
}
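Review bot: in postrouting, `oifname "wan0" counter masquerade` makes a missing or never-renamed wan0 a silent condition where it used to be a loud one. Before this change the service failed to start; now the ruleset loads and, under `policy accept`, packets leaving through a device that is not named wan0 simply skip the masquerade rule. Consider noting that dependency on the udev rename next to the rule, and checking after boot that an interface named wan0 exists and that the `counter` on this rule is incrementing.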
