Or more generally, before binding a flow to a netchannel:
1) find all netfilter rules that would apply to the flow.
2) If the hardware end of the netchannel can implement those
restrictions then proceed, otherwise don't assign the
netchannel directly to the hardware.
The rule you cited deals with the easy subset: there are
no rules that apply once the connection is established.
And obviously any hardware would be able to implement
zero rules. But other hardware may be able to implement
*some* rules, the most important plausible probably being
to count every packet within the connection.