NFTables.Expr.Layer2 (NFTables v0.8.2)
View SourceLayer 2 (MAC, interface, VLAN) matching functions for Expr.
Provides functions for matching MAC addresses, network interfaces, and VLAN tags. Essential for bridge filtering, VLAN-aware firewalls, and interface-based routing.
Import
import NFTables.Expr.Layer2Examples
# MAC address filtering
source_mac("aa:bb:cc:dd:ee:ff") |> drop()
# Interface-based rules
iif("eth0") |> accept()
oif("wan0") |> masquerade()
# VLAN filtering
vlan_id(100) |> accept()
vlan_pcp(7) |> counter()For more information, see the nftables bridge filtering wiki.
Summary
Functions
Match destination MAC address.
Match input interface name
Match output interface name
Match source MAC address.
Match VLAN ID.
Match VLAN priority (PCP).
Functions
@spec dest_mac(NFTables.Expr.t(), String.t()) :: NFTables.Expr.t()
Match destination MAC address.
Example
builder |> dest_mac("aa:bb:cc:dd:ee:ff")@spec iif(NFTables.Expr.t(), String.t()) :: NFTables.Expr.t()
Match input interface name
@spec oif(NFTables.Expr.t(), String.t()) :: NFTables.Expr.t()
Match output interface name
@spec source_mac(NFTables.Expr.t(), String.t()) :: NFTables.Expr.t()
Match source MAC address.
Example
builder |> source_mac("aa:bb:cc:dd:ee:ff")@spec vlan_id(NFTables.Expr.t(), non_neg_integer()) :: NFTables.Expr.t()
Match VLAN ID.
Used for VLAN-aware bridge filtering.
Example
# Match VLAN 100
builder |> vlan_id(100) |> accept()
# Match VLAN range (using multiple rules)
builder |> vlan_id(50) |> jump("vlan_50")@spec vlan_pcp(NFTables.Expr.t(), non_neg_integer()) :: NFTables.Expr.t()
Match VLAN priority (PCP).
Example
# Match high priority VLAN traffic
builder |> vlan_pcp(7) |> accept()