Andrew

I am just trying to concentrate scattered discussions in one place. https://forum.openwrt.org/t/lets-talk-about-firewall4-nftables/231246

I am closing this Somebody remember to submit 3rd part in two years https://github.com/openwrt/firewall4/pull/22#issuecomment-2840172900

To emit expected rule - change: ```diff first line of /usr/share/firewall4/templates/rule.uc -{%+ if (rule.family && !rule.has_addrs): -%} +{%+ if (rule.family && !rule.has_addrs && length(rule.smacs_pos)!=null ): -%} ``` @jow- may explain...

@f00b4r0 any success editing file?

It does not break anything else, just removes proto specifier in exact reported case. I will make PR out of this, not dwelling into other similar situations I grepped. EDIT:...

@lorand-horvath you can copy single file over v23 or master its like 2 years pbr mtu still not ga

It is another pair of eyes, think of situation I accidentally make firewall pass all - your shout out would be certainly worth. Luckily this list filled is used only...

/1/ minimal heuristic would be to add only interfaces that are forward endpoints like br-lan and wan /2/ list is used as output interface of quickpath, ie packet enters normal...

Improved code by @jow- at https://github.com/openwrt/firewall4/commit/e00958884416f59b273595f941d198de63acc1dd achieves identical result.

Rule 1 is correctly generated. There is no raw/forward, it acts on any packet reaching the network card (after flowtable offload which is at even lower level) You can set...