author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-03-10 11:43:32 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:27 +0100 |
commit | c924c0cd07440aa9ce7465e2ba68fb266f07d7c3 (patch) | |
tree | 5ec709dd5a89fa8b80bec6d2ca0965d56634362e /etc | |
parent | c1ee3f1849436d81579632a1cc8ba6a4b878fc3c (diff) |
xtables-config: priority has to be per-chain to support
To support NAT table chain configuration appropriately. Modify example
configuration file as well.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/xtables.conf | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf
index 00b5df4f..6d26ffe4 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -1,24 +1,31 @@
-table raw prio -300 {
- chain PREROUTING hook NF_INET_PRE_ROUTING
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table raw {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
 }
 
-table mangle prio -150 {
- chain PREROUTING hook NF_INET_PRE_ROUTING
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
- chain POSTROUTING hook NF_INET_POST_ROUTING
+table mangle {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
+ chain INPUT hook NF_INET_LOCAL_IN prio -150
+ chain FORWARD hook NF_INET_FORWARD prio -150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
 }
 
-table filter prio 0 {
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table filter {
+ chain INPUT hook NF_INET_LOCAL_IN prio 0
+ chain FORWARD hook NF_INET_FORWARD prio 0
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
 }
 
-table security prio 150 {
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table nat {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
+ chain INPUT hook NF_INET_LOCAL_IN prio -100
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+}
+
+table security {
+ chain INPUT hook NF_INET_LOCAL_IN prio 150
+ chain FORWARD hook NF_INET_FORWARD prio 150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 150
 } |
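Review bot: In the new `table nat` block the INPUT and OUTPUT priorities look swapped relative to the kernel's own iptables NAT hooks, which, as far as I recall, register LOCAL_OUT at NF_IP_PRI_NAT_DST (-100) and LOCAL_IN at NF_IP_PRI_NAT_SRC (100). With `chain OUTPUT hook NF_INET_LOCAL_OUT prio 100`, destination NAT for locally generated traffic would run after the filter OUTPUT chain at prio 0, so filter rules would match the pre-NAT destination; anyone porting a legacy iptables ruleset would get different filtering results without any warning. I would suggest `chain INPUT hook NF_INET_LOCAL_IN prio 100` and `chain OUTPUT hook NF_INET_LOCAL_OUT prio -100`, to be confirmed against the kernel's iptable_nat hook table. Since nat is the only table whose chains do not share one priority, a short comment above it would help, if the config parser accepts comments: `# nat: DNAT hooks (PREROUTING, OUTPUT) run before filter, SNAT hooks (POSTROUTING, INPUT) after`.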