firewall4: loopback device is ACCEPTED before include chain-prepend input
Jo-Philipp Wich
jo at mein.io
Wed Sep 6 07:14:32 PDT 2023
Hi,
> [...]
> Is there a reason why this decision was made, to add the custom include after
> the loopback interface?
Performance considerations, mostly. It violates pola though since it deviates
from the behavior of other chain includes, so I'm okay with moving the include
before the loopback check rule.
Can you whip up a patch for that? Don't forget to do the same for `output` as
well.
~ Jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20230906/dac3f00e/attachment.sig>
More information about the openwrt-devel
mailing list