From 1d06c44847ea4ebca7cc114902d149041476fc00 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 5 Mar 2023 10:33:30 +0000
Subject: [PATCH] Match interfaces by name so we can start nftables before they exist

---
 .../networking/templates/default/nftables.conf.erb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index a3dae7143..8594cc244 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -112,7 +112,7 @@ table inet filter {
 type filter hook input priority filter;
 
 <%- unless @interfaces.empty? %>
-iif { $external-interfaces } jump incoming
+iifname { $external-interfaces } jump incoming
 <%- end %>
 
 accept
@@ -122,8 +122,8 @@ table inet filter {
 type filter hook forward priority filter;
 
 <%- unless @interfaces.empty? %>
-iif { $external-interfaces } jump incoming
-oif { $external-interfaces } jump outgoing
+iifname { $external-interfaces } jump incoming
+oifname { $external-interfaces } jump outgoing
 <%- end %>
 
 accept
@@ -133,7 +133,7 @@ table inet filter {
 type filter hook output priority filter;
 
 <%- unless @interfaces.empty? %>
-oif { $external-interfaces } jump outgoing
+oifname { $external-interfaces } jump outgoing
 <%- end %>
 
 accept
@@ -147,7 +147,7 @@ table ip nat {
 
 <%- node.interfaces(:role => :external, :family => :inet).each do |external| %>
 <%- node.interfaces(:role => :internal, :family => :inet).each do |internal| %>
-oif { <%= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
+oifname { <%= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
 <%- end %>
 <%- end %>
 }
-- 
2.39.5
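Review bot: Replacing `iif`/`oif` with `iifname`/`oifname` in all four hunks removes the load-time existence check that the old matches gave: `iif` resolves the name to an interface index when the ruleset is loaded and rejects an unknown name, whereas `iifname` compares a string per packet and a misspelled or since-renamed entry in `$external-interfaces` simply never matches, so traffic on that interface skips the `incoming`/`outgoing` jumps and falls through to the `accept` visible at the end of each chain. That trade-off is the point of the commit, but nothing in the template records it, so a later cleanup could revert it or a stale name could go unnoticed; I would add above the first guarded rule `# iifname/oifname match by name so this ruleset can load before the interfaces exist; an unknown name is not a load error, so keep $external-interfaces aligned with the real interface names`. If the cookbook does not already validate the names it renders against the node's interfaces, that check would restore the fail-closed behaviour the old form provided. The enclosing `chain` blocks begin and end outside these hunks.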