jow-
commented
1 year ago NAK, this will break for example the following rule:
config rule
option src *
option dest wan
option proto 42
option target DROPDue to the removal of the egress interface matches, the above rule would drop any forwarded protocol 42 traffic, not just traffic directed at one of the wan zone devices.
Also the jumps leading up the $action_to_$zone chains match the ingress devices (iif / iifname) while the matches you removed match the egress ones (oif / oifname).
brada4
Interface name list per zone is already filtered in basic chains then via jumps the arriving traffic is only that already filtered by interfaces. Just dont emit 2nd {nterface list} @jow-
Signed-Off-By:
Andris PE <neandris..gmail.com>