diff options
author | Simon Ruderich <simon@ruderich.org> | 2021-03-09 11:53:30 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-03-24 14:19:31 +0100 |
commit | 8c226fabc63f21c00ea07b7d484053f797ce994c (patch) | |
tree | f62fe1e3daf55992c511781c8270437af457b941 /doc/primary-expression.txt | |
parent | b140b592cb74ce4f15ccc3850882bd7d93749109 (diff) |
doc: use symbolic names for chain priorities
This replaces the numbers with the matching symbolic names with one
exception: The NAT example used "priority 0" for the prerouting
priority. This is replaced by "dstnat" which has priority -100 which is
the new recommended priority.
Also use spaces instead of tabs for consistency in lines which require
updates.
Signed-off-by: Simon Ruderich <simon@ruderich.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/primary-expression.txt')
-rw-r--r-- | doc/primary-expression.txt | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index e87e8cc2..c24e2636 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -221,7 +221,7 @@ boolean (1 bit) # exactly what you want). table inet x { chain y { - type filter hook prerouting priority -150; policy accept; + type filter hook prerouting priority mangle; policy accept; socket transparent 1 socket wildcard 0 mark set 0x00000001 accept } } @@ -229,7 +229,7 @@ table inet x { # Trace packets that corresponds to a socket with a mark value of 15 table inet x { chain y { - type filter hook prerouting priority -150; policy accept; + type filter hook prerouting priority mangle; policy accept; socket mark 0x0000000f nftrace set 1 } } @@ -237,7 +237,7 @@ table inet x { # Set packet mark to socket mark table inet x { chain y { - type filter hook prerouting priority -150; policy accept; + type filter hook prerouting priority mangle; policy accept; tcp dport 8080 mark set socket mark } } @@ -280,7 +280,7 @@ If no TTL attribute is passed, make a true IP header and fingerprint TTL true co # Accept packets that match the "Linux" OS genre signature without comparing TTL. table inet x { chain y { - type filter hook input priority 0; policy accept; + type filter hook input priority filter; policy accept; osf ttl skip name "Linux" } } |