@n.fort In that case then this functionality does seem to be working as designed, even if the pkttype matcher isn't behaving exactly as I expected it to for "host".

@n.fort
My judgement may have been too hasty. The commands are accepted by VyOS configure, but it looks like the meta pkttype host is being ignored by my new nftables rules. That is, all IP addresses are matching, not just actual VyOS host router IP addresses.

@n.fort I was too impatient to wait for a rolling build so I ran my own build of current post-merge.

@n.fort A quick test of this against latest rolling looks like it's working as expected for general firewall rules:

@n.fort @Viacheslav
Here is an example of what I am after for DNAT rule, specifically, using meta pkttype:

@n.fort I apologize for the late entry here - could this also be exposed for NAT rules?
Edit: wow you guys worked so fast on this it got pulled before I could add this request :D

@c-po Thank you for the work on this.

I experience the same problem of VyOS failing to add wlan0 to bridge, which persists in all 1.3-epa and 1.3-LTS versions, as well as 1.4 nightly builds.

@Viacheslav Yes, I have updated the system to 1.2.8-LTS. I will let you know if the disappearing openvpn tun interface reoccurs.

I agree it would be nice to have the Cisco Auth functionality, however, the original author of opennhrp themselves recommend using FRR nhrpd instead where possible. It appears that most effort going forward will be put into FRR's nhrpd, and not the original opennhrp.

@c-po @Viacheslav
Further news on this topic - FRR 8.0 released yesterday (7/29) which includes the aforementioned nhrpd multicast improvements, among a lot of other nice things:

@c-po There is some recent news on FRR's NHRPD and multicast support it seems, please see here:

@syncer
Sorry to dredge up an old bug, but I believe I've hit this today on 1.2.7-LTS myself. Per @zsdc's original description, It seems that when you configure: