Would it be possible to add support for nftables meta expression “pkttype” for firewall rules? This would come in handy for some rules I’d like to implement.
nftables man page reference:
Table 29. Meta expression specific types
pkt_type – Packet type: host (addressed to local host), broadcast (to all), multicast (to group), other (addressed to another host).
https://wiki.nftables.org/wiki-nftables/index.php/Data_types#Other_types
Possible usage example:
    rule 31 {
        action accept
        destination {
            port 22
        }
        protocol tcp
        pkttype host
        state {
            new enable
        }
    }
In addition to this, I wonder if some other meta expressions might be very useful for VyOS. For example, iface_type, to match any/all interfaces of a given type (ether, ppp, loopback, etc).
Thanks for reading!
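For reference, a native nftables ruleset that expresses the match requested above, added here as an example; it is not part of the original post and not output generated by VyOS. The table name, chain name and default-drop policy are assumptions, and the last rule uses nftables' `iiftype` (the `iface_type` data type) the way the post suggests.

```nftables
# Added example: hand-written nftables ruleset, loadable with "nft -f <file>".
# Table and chain names are assumptions, not VyOS-generated names.
table inet example_filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Return traffic for connections already tracked.
        ct state established,related accept

        # Equivalent of the proposed "rule 31": new SSH connections are
        # accepted only when the packet is addressed to this host
        # (pkttype host), so broadcast, multicast and "other" packets
        # fall through to the drop policy.
        tcp dport 22 meta pkttype host ct state new accept

        # iface_type match: applies to every interface of the given
        # type without naming each one (here: all loopback interfaces).
        meta iiftype loopback accept
    }
}
```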