doc: document add chain device parameter

nft add chain lacked documentation of its optional device parameter, specifically what values the parameter accepted, what it did and when to use it. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1093 Suggested-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Brennan Paciorek <bpaciore@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Brennan Paciorek <bpaciore@redhat.com> 2023-08-02 14:29:47 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-08-03 09:47:49 +0200
commit: aef2a35f67160fd4447f2a7585baf379866eefb2 (patch)
tree: f15b52a19f3357a40433f01473ecc8df8f19446e /doc/nft.txt
parent: 8e603e0f7eec7c0000344a004228a30fbf0ece5c (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/nft.txt b/doc/nft.txt
index fe123d04..7e47ca39 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -434,6 +434,11 @@ further quirks worth noticing:
   *prerouting*, *input*, *forward*, *output*, *postrouting* and this *ingress*
   hook.
 
+The *device* parameter accepts a network interface name as a string, and is
+required when adding a base chain that filters traffic on the ingress or
+egress hooks. Any ingress or egress chains will only filter traffic from the
+interface specified in the *device* parameter.
+
 The *priority* parameter accepts a signed integer value or a standard priority
 name which specifies the order in which chains with the same *hook* value are
 traversed. The ordering is ascending, i.e. lower priority values have precedence
author	Brennan Paciorek <bpaciore@redhat.com>	2023-08-02 14:29:47 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-08-03 09:47:49 +0200
commit	aef2a35f67160fd4447f2a7585baf379866eefb2 (patch)
tree	f15b52a19f3357a40433f01473ecc8df8f19446e /doc/nft.txt
parent	8e603e0f7eec7c0000344a004228a30fbf0ece5c (diff)