<thefloweringash>
mdlayher: no, I mean use iifname and oifname instead of oif and iif. IIUC, iifname and oifname are string matches, and can even have wildcards, so they don't need the interface at load time, while oif and iif are interface index matches, so they need to translate the name of an existing interface to its index at load time
<mdlayher>
@thefloweringash:matrix.org: ah interesting! I am using iifname at the moment but I'll have to do more research
<andi->
As far as I know it does the string->ifindex translation whenever something changes on your interfaces so it should be safe to use that. It is not done for every packet that your firewall handles.
<andi->
what is a valid use case for interface index based firewalling? Is there some way to create an IF but only know its ID and not the name?
<mdlayher>
thefloweringash: i just realized i was using both iif and iifname in my configs. wow. thank you for the hint, it didn't even occur to me to scrutinize further :)