On 3.06.21 17:49, Arturo Borrero Gonzalez wrote:
> On 6/3/21 5:26 PM, F.Stoyan wrote:
> >
> > nftables runs too early at system boot. At this time not all interfaces are
> > available:
> >
> > # journalctl -b -3 --unit=systemd-networkd.service --unit=nftables.service
> > --no-hostname
> > -- Journal begins at Fri 2021-05-28 15:13:07 CEST, ends at Thu 2021-06-03
> > 17:08:05 CEST. --
> > Jun 03 15:18:23 nft[414]: /etc/nftables.conf:12:21-31: Error: Interface
> > does not exist
> > Jun 03 15:18:23 nft[414]: define SSID-MEDIA = enp1s0f0.66
> > Jun 03 15:18:23 nft[414]: ^^^^^^^^^^^
> > Jun 03 15:18:23 nft[414]: /etc/nftables.conf:11:21-31: Error: Interface
> > does not exist
> > Jun 03 15:18:23 nft[414]: define SSID-LABOR = enp1s0f0.65
> > Jun 03 15:18:23 nft[414]: ^^^^^^^^^^^
>
> I guess you are using interface index in your ruleset, rather than interface

Yes, indeed!

> names. If you use interface name (i.e., iifname, oifname, etc.) then the
> interface doesn't need to exist when loading the ruleset.
>
> Loading the ruleset *before* the interfaces are up ensures that no network
> traffic bypasses the firewall policy.
>
> It is up to you to configure the systemd unit to load before/after the network.

Thanks for the explanation. So everything is clear now.
I think you can close the bug report.

Best regards
F. Stoyan
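
The difference discussed above, shown as an added example that is not part of the original thread or of the reporter's ruleset: the two `define` lines come from the journal output, while the table, chain and rules are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example. Only the two define lines are taken from the journal output
# in the report; table, chain and rule contents are assumed.
flush ruleset

define SSID-LABOR = enp1s0f0.65
define SSID-MEDIA = enp1s0f0.66

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Index-based match (iif/oif): nft resolves the name to an interface
        # index when the ruleset is loaded. If the VLAN interface has not been
        # created yet, the load fails with "Error: Interface does not exist"
        # and, because a ruleset file is applied atomically, no rule from the
        # file is installed.
        # iif $SSID-MEDIA oif $SSID-LABOR accept

        # Name-based match (iifname/oifname): the name is compared as a string
        # for each packet, so the ruleset loads before systemd-networkd has
        # created the interfaces and the drop policy is already in place when
        # they come up.
        ct state established,related accept
        iifname $SSID-MEDIA oifname $SSID-LABOR accept
    }
}
```

Running `nft -c -f /etc/nftables.conf` parses and validates the file without applying it.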