author Phil Sutter <> 2020-02-06 12:24:51 +0100
committer Phil Sutter <> 2020-02-10 12:33:51 +0100
commit 03d45ad330a25323610648bb05f550e0fb9d65b2
parent 2b838df32eb2b878d3053a24601727055fa11353
doc: nft.8: Mention wildcard interface matching
Special meaning of asterisk in interface names wasn't described anywhere.

Signed-off-by: Phil Sutter <>
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index 94eccc20..b5488790 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -36,6 +36,13 @@ add such a rule, it will stop matching if the interface gets renamed and it
will match again in case interface gets deleted and later a new interface
with the same name is created.
+Like with iptables, wildcard matching on interface name prefixes is available for
+*iifname* and *oifname* matches by appending an asterisk (*) character. Note
+however that unlike iptables, nftables does not accept interface names
+consisting of the wildcard character only - users are supposed to just skip
+those always matching expressions. In order to match on literal asterisk
+character, one may escape it using backslash (\).
.Meta expression types
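Review bot: the new paragraph gives the wildcard and escape syntax only in prose, with no example of either form, and it does not say that a prefix match also covers interfaces that appear later. The context lines just above already warn that a name match "will match again in case interface gets deleted and later a new interface with the same name is created"; with a trailing asterisk the same applies to every future interface whose name starts with the prefix, which matters when the rule grants access. Suggest adding one sentence on that plus a short example such as iifname "eth*" and its escaped counterpart iifname "eth\*". The wording "users are supposed to just skip those always matching expressions" is also hard to parse; something like "such an expression would always match, so simply omit it" reads more clearly. Finally, since *iifname* and *oifname* use asterisks as markup in this file, please check that the bare "(*)" and "(\)" render literally in the generated man page.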