From 17cc8d55e2074676dcd5596f8d87651081e25f80 Mon Sep 17 00:00:00 2001
From: Thomas Chevalier
Date: Thu, 19 May 2022 11:36:25 +0200
Subject: [PATCH] Remove problematic vmaps
---
 nftables.conf | 40 ++++++++++++++++++----------------------
 1 file changed, 18 insertions(+), 22 deletions(-)
diff --git a/nftables.conf b/nftables.conf
index 301dd69..96919eb 100644
--- a/nftables.conf
+++ b/nftables.conf
@@ -71,31 +71,27 @@ table inet firewall {
 # Filters on input interfaces. The final decision is not taken in the from_* chain,
 # but instead packets return here for further processing. This is why `jump` is used here.
- meta iif vmap {
- $if_users: jump from_users,
- $if_deco: jump from_deco,
- $if_prod: jump from_prod,
- $if_dmz: jump from_dmz,
- $if_switchs: jump from_switchs,
- $if_federez: jump from_federez,
- $if_renater: jump from_renater,
- $if_dmz_wireguard: jump from_dmz_wireguard,
- $if_nerim: jump from_nerim,
- }
+ meta iif $if_users jump from_users
+ meta iif $if_deco jump from_deco
+ meta iif $if_prod jump from_prod
+ meta iif $if_dmz jump from_dmz
+ meta iif $if_switchs jump from_switchs
+ meta iif $if_federez jump from_federez
+ meta iif $if_renater jump from_renater
+ meta iif $if_dmz_wireguard jump from_dmz_wireguard
+ meta iif $if_nerim jump from_nerim
 # Filters on output interfaces. Do not return: either drop or accept
 # We use goto so we don't return to the calling chain after packets have been processed
- meta oif vmap {
- $if_users: goto to_users,
- $if_deco: goto to_deco,
- $if_prod: goto to_prod,
- $if_dmz: goto to_dmz,
- $if_switchs: goto to_switchs,
- $if_federez: goto to_federez,
- $if_renater: goto to_renater,
- $if_dmz_wireguard: goto to_dmz_wireguard,
- $if_nerim: jump from_nerim
- }
+ meta oif $if_users goto to_users
+ meta oif $if_deco goto to_deco
+ meta oif $if_prod goto to_prod
+ meta oif $if_dmz goto to_dmz
+ meta oif $if_switchs goto to_switchs
+ meta oif $if_federez goto to_federez
+ meta oif $if_renater goto to_renater
+ meta oif $if_dmz_wireguard goto to_dmz_wireguard
+ meta oif $if_nerim jump from_nerim
 counter log prefix "Uncaught traffic:"
 }
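Review bot: The last added rule of the output section, `meta oif $if_nerim jump from_nerim`, is the only one that does not `goto` a `to_*` chain; it was carried over unchanged from the removed vmap and contradicts the comment above it ("Do not return: either drop or accept"). As written, packets leaving through `$if_nerim` are evaluated against the inbound chain, and if `from_nerim` returns without a verdict they reach the `counter log prefix "Uncaught traffic:"` rule and whatever the chain policy is, which starts outside this hunk and is not visible here. If a `to_nerim` chain exists, the rule should probably read `meta oif $if_nerim goto to_nerim`; if the asymmetry is intentional, a comment such as `# nerim has no egress chain: reuse from_nerim and fall through` would make that explicit. Separately, `iif`/`oif` match on the interface index, so for an interface that may be re-created at runtime (the name `$if_dmz_wireguard` suggests one) `iifname`/`oifname` may be the safer match, since a stale index would silently skip the per-interface chain.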