authorPablo Neira Ayuso <pablo@netfilter.org>2013-03-10 11:43:32 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2013-12-30 23:50:27 +0100
commitc924c0cd07440aa9ce7465e2ba68fb266f07d7c3 (patch)
tree5ec709dd5a89fa8b80bec6d2ca0965d56634362e /etc
parentc1ee3f1849436d81579632a1cc8ba6a4b878fc3c (diff)
xtables-config: priority has to be per-chain to support
To support NAT table chain configuration appropriately. Modify example configuration file as well. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'etc')
-rw-r--r--etc/xtables.conf41
1 files changed, 24 insertions, 17 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf
index 00b5df4f..6d26ffe4 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -1,24 +1,31 @@
-table raw prio -300 {
- chain PREROUTING hook NF_INET_PRE_ROUTING
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table raw {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
}
-table mangle prio -150 {
- chain PREROUTING hook NF_INET_PRE_ROUTING
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
- chain POSTROUTING hook NF_INET_POST_ROUTING
+table mangle {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
+ chain INPUT hook NF_INET_LOCAL_IN prio -150
+ chain FORWARD hook NF_INET_FORWARD prio -150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
}
-table filter prio 0 {
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table filter {
+ chain INPUT hook NF_INET_LOCAL_IN prio 0
+ chain FORWARD hook NF_INET_FORWARD prio 0
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
}
-table security prio 150 {
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table nat {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
+ chain INPUT hook NF_INET_LOCAL_IN prio -100
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+}
+
+table security {
+ chain INPUT hook NF_INET_LOCAL_IN prio 150
+ chain FORWARD hook NF_INET_FORWARD prio 150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 150
}
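Review bot: In the new `table nat` block the INPUT and OUTPUT priorities look swapped. LOCAL_OUT is where destination NAT is applied to locally generated traffic and LOCAL_IN is where source NAT is applied, and as far as I recall the kernel's iptable_nat registers those hooks at NF_IP_PRI_NAT_DST (-100) and NF_IP_PRI_NAT_SRC (100) respectively. With OUTPUT at 100 the destination rewrite would run after the filter OUTPUT chain (prio 0), so filter rules there would match the pre-NAT address rather than the translated one as they do under classic iptables; INPUT at -100 has the mirror effect. I would write `chain INPUT hook NF_INET_LOCAL_IN prio 100` and `chain OUTPUT hook NF_INET_LOCAL_OUT prio -100`. Separately, the 150 carried over onto the security chains does not match the kernel's NF_IP_PRI_SECURITY as I remember it (50), so that is worth confirming while the values are being moved per-chain.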