From 86eed10c9f2c42e0f50eb4e527a48ee9e63146f4 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 16 Jul 2013 22:18:47 +0200 Subject: nft: fix built-in chain ordering of the nat table Should be: % iptables -L -n -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination instead of: % xtables -L -n -t nat Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Reported-by: Tomasz Bursztyka Signed-off-by: Pablo Neira Ayuso --- etc/xtables.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/xtables.conf b/etc/xtables.conf index 1995b69f..6aee8aa8 100644 --- a/etc/xtables.conf +++ b/etc/xtables.conf @@ -20,9 +20,9 @@ family ipv4 { table nat { chain PREROUTING hook NF_INET_PRE_ROUTING prio -100 - chain POSTROUTING hook NF_INET_POST_ROUTING prio 100 chain INPUT hook NF_INET_LOCAL_IN prio -100 chain OUTPUT hook NF_INET_LOCAL_OUT prio 100 + chain POSTROUTING hook NF_INET_POST_ROUTING prio 100 } table security { -- cgit v1.2.3
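Review bot: The two context lines `chain INPUT hook NF_INET_LOCAL_IN prio -100` and `chain OUTPUT hook NF_INET_LOCAL_OUT prio 100`, which this reorder leaves untouched, look swapped relative to the legacy nat table; as far as I know it registers LOCAL_OUT at the destination-NAT priority (-100) and LOCAL_IN at the source-NAT priority (100). If that is right, translation of locally generated traffic would run after the filter table's usual priority 0 instead of before it, so filter OUTPUT rules would match pre-translation addresses; worth confirming and, if confirmed, changing to `chain INPUT hook NF_INET_LOCAL_IN prio 100` and `chain OUTPUT hook NF_INET_LOCAL_OUT prio -100`. Separately, the "instead of" listing in the message (OUTPUT, INPUT, PREROUTING, POSTROUTING) does not match the old declaration order, so a short comment above the table such as `# chain order here sets the -L listing order; keep the legacy iptables order` would document the contract, assuming declaration order is what drives it. The `family ipv4` block starts before the hunk and the `security` table continues past it, so the other tables and any ipv6 counterpart were not checked.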