From b633ef9ac0cfaf9371374a9826493db114307b81 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 2 May 2018 18:29:51 +0200
Subject: xtables.conf: fix hook skeletons

nat prio for in/out were inverted.
arp no longer has a forward chain.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 etc/xtables.conf | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'etc')

diff --git a/etc/xtables.conf b/etc/xtables.conf
index d37b0d7c..3c54ced0 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -20,8 +20,8 @@ family ipv4 {
 
 	table nat {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-		chain INPUT hook NF_INET_LOCAL_IN prio -100
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+		chain INPUT hook NF_INET_LOCAL_IN prio 100
+		chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
 		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
 	}
 
@@ -54,8 +54,8 @@ family ipv6 {
 
 	table nat {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-		chain INPUT hook NF_INET_LOCAL_IN prio -100
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+		chain INPUT hook NF_INET_LOCAL_IN prio 100
+		chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
 		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
 	}
 
@@ -69,7 +69,6 @@ family ipv6 {
 family arp {
 	table filter {
 		chain INPUT hook NF_ARP_IN prio 0
-		chain FORWARD hook NF_ARP_FORWARD prio 0
 		chain OUTPUT hook NF_ARP_OUT prio 0
 	}
-}
\ No newline at end of file
+}
-- 
cgit v1.2.3