From cac2affdc1f907334036b4cc32164db1080b74df Mon Sep 17 00:00:00 2001
From: Xiao Pan
Date: Wed, 30 Jul 2025 23:18:50 +0800
Subject: use iifname so nft still work if interface does not exist

---
 configs/configs_root_dir/etc/nftables_phantun_wg_server.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'configs/configs_root_dir')

diff --git a/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf b/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf
index 4c7d084..0d803d8 100644
--- a/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf
+++ b/configs/configs_root_dir/etc/nftables_phantun_wg_server.conf
@@ -74,8 +74,8 @@ table inet nat {
 chain prerouting {
 type nat hook prerouting priority dstnat policy accept
- iif $pub_iface tcp dport 59083 dnat ip to 10.0.2.2
- iif $pub_iface tcp dport 59083 dnat ip6 to fdc9:281f:04d7:9eeb::2
+ iifname $pub_iface tcp dport 59083 dnat ip to 10.0.2.2
+ iifname $pub_iface tcp dport 59083 dnat ip6 to fdc9:281f:04d7:9eeb::2
 }
 # newer kernel no need for `chain prerouting { type nat hook prerouting priority -100; policy accept; }`, more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/
 # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface
-- 
cgit v1.2.3-70-g09d2
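Review bot: The two new `iifname` DNAT rules carry no comment recording why the name match replaced `iif`, so a later cleanup can revert it and reintroduce the load failure the commit fixes; I would add above the first rule `# iifname compares the interface name per packet; iif resolves the ifindex at ruleset load, so the table fails to load when $pub_iface does not exist yet (e.g. at boot) and keeps a stale index if the interface is recreated`. The trade-off deserves a line too: a name match is fail-closed only while the interface keeps that name, and if $pub_iface were ever set to a wildcard such as `eth*`, `iifname` would match every such interface and expose the DNAT of port 59083 more widely than a single `iif` ever could. The trailing comment about replacing the source address for packets to $pub_iface suggests a postrouting chain also references $pub_iface; if it still uses `oif`/`iif`, the ruleset will still fail to load when the interface is absent, which is worth checking outside this hunk. The enclosing `table inet nat` block continues past the end of the hunk.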