summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2018-05-02 18:29:51 +0200
committerFlorian Westphal <fw@strlen.de>2018-05-04 23:24:55 +0200
commitb633ef9ac0cfaf9371374a9826493db114307b81 (patch)
treea658d6b7acfa3d916abb07e06a2d6354c8efeaf7
parent7af21782bb6fc3480909120c20a55164248a9608 (diff)
xtables.conf: fix hook skeletons
nat prio for in/out were inverted. arp no longer has a forward chain. Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--etc/xtables.conf11
1 files changed, 5 insertions, 6 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf
index d37b0d7c..3c54ced0 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -20,8 +20,8 @@ family ipv4 {
table nat {
chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
- chain INPUT hook NF_INET_LOCAL_IN prio -100
- chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+ chain INPUT hook NF_INET_LOCAL_IN prio 100
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
}
@@ -54,8 +54,8 @@ family ipv6 {
table nat {
chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
- chain INPUT hook NF_INET_LOCAL_IN prio -100
- chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+ chain INPUT hook NF_INET_LOCAL_IN prio 100
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
}
@@ -69,7 +69,6 @@ family ipv6 {
family arp {
table filter {
chain INPUT hook NF_ARP_IN prio 0
- chain FORWARD hook NF_ARP_FORWARD prio 0
chain OUTPUT hook NF_ARP_OUT prio 0
}
-} \ No newline at end of file
+}