diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-03-10 16:20:27 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:28 +0100 |
commit | 32c579fa6fa1155f316c202a95d3e946111891bd (patch) | |
tree | 35169b9cbec17510edc329a9cfbbe18f0f560834 /etc | |
parent | 8b9ea2e3f8d685a6b940691cabf5e82c96254747 (diff) |
xtables: support family in /etc/xtables.conf file
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/xtables.conf | 54 |
1 files changed, 28 insertions, 26 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf index 6d26ffe4..1995b69f 100644 --- a/etc/xtables.conf +++ b/etc/xtables.conf @@ -1,31 +1,33 @@ -table raw { - chain PREROUTING hook NF_INET_PRE_ROUTING prio -300 - chain OUTPUT hook NF_INET_LOCAL_OUT prio -300 -} +family ipv4 { + table raw { + chain PREROUTING hook NF_INET_PRE_ROUTING prio -300 + chain OUTPUT hook NF_INET_LOCAL_OUT prio -300 + } -table mangle { - chain PREROUTING hook NF_INET_PRE_ROUTING prio -150 - chain INPUT hook NF_INET_LOCAL_IN prio -150 - chain FORWARD hook NF_INET_FORWARD prio -150 - chain OUTPUT hook NF_INET_LOCAL_OUT prio -150 - chain POSTROUTING hook NF_INET_POST_ROUTING prio -150 -} + table mangle { + chain PREROUTING hook NF_INET_PRE_ROUTING prio -150 + chain INPUT hook NF_INET_LOCAL_IN prio -150 + chain FORWARD hook NF_INET_FORWARD prio -150 + chain OUTPUT hook NF_INET_LOCAL_OUT prio -150 + chain POSTROUTING hook NF_INET_POST_ROUTING prio -150 + } -table filter { - chain INPUT hook NF_INET_LOCAL_IN prio 0 - chain FORWARD hook NF_INET_FORWARD prio 0 - chain OUTPUT hook NF_INET_LOCAL_OUT prio 0 -} + table filter { + chain INPUT hook NF_INET_LOCAL_IN prio 0 + chain FORWARD hook NF_INET_FORWARD prio 0 + chain OUTPUT hook NF_INET_LOCAL_OUT prio 0 + } -table nat { - chain PREROUTING hook NF_INET_PRE_ROUTING prio -100 - chain POSTROUTING hook NF_INET_POST_ROUTING prio 100 - chain INPUT hook NF_INET_LOCAL_IN prio -100 - chain OUTPUT hook NF_INET_LOCAL_OUT prio 100 -} + table nat { + chain PREROUTING hook NF_INET_PRE_ROUTING prio -100 + chain POSTROUTING hook NF_INET_POST_ROUTING prio 100 + chain INPUT hook NF_INET_LOCAL_IN prio -100 + chain OUTPUT hook NF_INET_LOCAL_OUT prio 100 + } -table security { - chain INPUT hook NF_INET_LOCAL_IN prio 150 - chain FORWARD hook NF_INET_FORWARD prio 150 - chain OUTPUT hook NF_INET_LOCAL_OUT prio 150 + table security { + chain INPUT hook NF_INET_LOCAL_IN prio 150 + chain FORWARD hook NF_INET_FORWARD prio 150 + chain OUTPUT hook NF_INET_LOCAL_OUT prio 150 + } } |