diff options
-rw-r--r-- | etc/xtables.conf | 2 | ||||
-rw-r--r-- | iptables/nft.c | 16 |
2 files changed, 9 insertions, 9 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf index 1995b69f..6aee8aa8 100644 --- a/etc/xtables.conf +++ b/etc/xtables.conf @@ -20,9 +20,9 @@ family ipv4 { table nat { chain PREROUTING hook NF_INET_PRE_ROUTING prio -100 - chain POSTROUTING hook NF_INET_POST_ROUTING prio 100 chain INPUT hook NF_INET_LOCAL_IN prio -100 chain OUTPUT hook NF_INET_LOCAL_OUT prio 100 + chain POSTROUTING hook NF_INET_POST_ROUTING prio 100 } table security { diff --git a/iptables/nft.c b/iptables/nft.c index daa5478a..b9820f12 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -200,10 +200,10 @@ static struct builtin_table { .name = "nat", .chains = { { - .name = "OUTPUT", + .name = "PREROUTING", .type = "nat", .prio = -100, /* NF_IP_PRI_NAT_DST */ - .hook = NF_INET_LOCAL_OUT, + .hook = NF_INET_PRE_ROUTING, }, { .name = "INPUT", @@ -212,17 +212,17 @@ static struct builtin_table { .hook = NF_INET_LOCAL_IN, }, { - .name = "PREROUTING", - .type = "nat", - .prio = -100, /* NF_IP_PRI_NAT_DST */ - .hook = NF_INET_PRE_ROUTING, - }, - { .name = "POSTROUTING", .type = "nat", .prio = 100, /* NF_IP_PRI_NAT_SRC */ .hook = NF_INET_POST_ROUTING, }, + { + .name = "OUTPUT", + .type = "nat", + .prio = -100, /* NF_IP_PRI_NAT_DST */ + .hook = NF_INET_LOCAL_OUT, + }, }, }, }; |