nft: fix built-in chain ordering of the nat table

Should be: % iptables -L -n -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination instead of: % xtables -L -n -t nat Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Reported-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@soleta.eu>
author: Pablo Neira Ayuso <pablo@soleta.eu> 2013-07-16 22:18:47 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-30 23:50:38 +0100
commit: 86eed10c9f2c42e0f50eb4e527a48ee9e63146f4 (patch)
tree: e88999d765d469495ff906e19ef8b41ad916098e /etc
parent: 15539a1f5689beb00a84df87d698ee8f06824bb9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf
index 1995b69f..6aee8aa8 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -20,9 +20,9 @@ family ipv4 {
 
 	table nat {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
 		chain INPUT hook NF_INET_LOCAL_IN prio -100
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
 	}
 
 	table security {
author	Pablo Neira Ayuso <pablo@soleta.eu>	2013-07-16 22:18:47 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-30 23:50:38 +0100
commit	86eed10c9f2c42e0f50eb4e527a48ee9e63146f4 (patch)
tree	e88999d765d469495ff906e19ef8b41ad916098e /etc
parent	15539a1f5689beb00a84df87d698ee8f06824bb9 (diff)