From 7d1b3360615761f19f18b348ad7e1b64fa6a5793 Mon Sep 17 00:00:00 2001 From: bol-van Date: Wed, 16 Feb 2022 17:52:16 +0300 Subject: [PATCH] nft: use iif instead of iifname for lo --- common/nft.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/nft.sh b/common/nft.sh index 0b8dc79..004d274 100644 --- a/common/nft.sh +++ b/common/nft.sh @@ -82,7 +82,7 @@ cat << EOF | nft -f - flush chain inet $ZAPRET_NFT_TABLE localnet_protect add rule inet $ZAPRET_NFT_TABLE localnet_protect ip daddr $TPWS_LOCALHOST4 return comment "route_localnet allow access to tpws" add rule inet $ZAPRET_NFT_TABLE localnet_protect ip daddr 127.0.0.0/8 drop comment "route_localnet remote access protection" - add rule inet $ZAPRET_NFT_TABLE input iifname != lo jump localnet_protect + add rule inet $ZAPRET_NFT_TABLE input iif != lo jump localnet_protect add chain inet $ZAPRET_NFT_TABLE postrouting { type filter hook postrouting priority -151; } flush chain inet $ZAPRET_NFT_TABLE postrouting add set inet $ZAPRET_NFT_TABLE lanif { type ifname; }