From d58192a8d2810271d5c6525dc66ba1e1ec3fd2b7 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 12 Feb 2020 22:39:44 +0100 Subject: [PATCH] doc: nft.8: Mention wildcard interface matching Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1763652 Upstream Status: nftables commit 03d45ad330a25 commit 03d45ad330a25323610648bb05f550e0fb9d65b2 Author: Phil Sutter Date: Thu Feb 6 12:24:51 2020 +0100 doc: nft.8: Mention wildcard interface matching Special meaning of asterisk in interface names wasn't described anywhere. Signed-off-by: Phil Sutter --- doc/primary-expression.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index 5473d59..a5cab9d 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -36,6 +36,13 @@ add such a rule, it will stop matching if the interface gets renamed and it will match again in case interface gets deleted and later a new interface with the same name is created. +Like with iptables, wildcard matching on interface name prefixes is available for +*iifname* and *oifname* matches by appending an asterisk (*) character. Note +however that unlike iptables, nftables does not accept interface names +consisting of the wildcard character only - users are supposed to just skip +those always matching expressions. In order to match on literal asterisk +character, one may escape it using backslash (\). + .Meta expression types [options="header"] |================== -- 2.31.1