Slavko <linux@xxxxxxxxxx> wrote:
> Hi all,
>
> i encounter strange problem with reverse path filter in nftables,
> which i don't understand, thus i ask for help.
>
> Some background -- for long time i have on my desktop (with
> some bridges/veths for LXC, VirtualBox ifaces, and one dummy
> iface) this prerouting chain (to shorten it i removed counter and
> log parts):
>
> chain r_prerouting {
> type filter hook input priority raw; policy accept;
~~~~~
This is an input chain. The loopback bypass is restricted
to PRE_ROUTING before v6.15-rc1.
(This is an oversight, originally fib was rejected in input chain, and
when that restriction got lifted the lo bypass check wasn't adjusted).
