[pve-devel] nftables 0.4 and kernel 3.19, still problem with physdevin|out

Wolfgang Bumiller w.bumiller at proxmox.com
Mon Jul 27 13:47:22 CEST 2015


> oh ok, didn't know that. (still a bit confused between bridge vs ip/inet tables)

I'm new to nft, too, but as far as I understand it's not actually much
different from iptables (from the outside anyway).
It's just that rather than having several tools managing chains, you
have a single tool managing tables containing the chains. IOW, bridge
stuff still goes into the bridge tables, ip stuff into the ip tables,
arp stuff into the arp tables.

There's also no complete documentation available yet. My current
favorite is the gentoo wiki.

> I don't know why, but I don't see any traffic in forward from bridge table. (input|output for bridge ip itself is working fine).
> forward in ip|inet table is working fine.
> 
> any idea?

Not really. What kernels did you test and how are you viewing the
traffic? (Are you using the log action?)



