Diffstat (limited to 'files')
-rw-r--r--files/nftables/Makefile.am3
-rw-r--r--files/nftables/arp-filter6
-rw-r--r--files/nftables/ipv4-nat6
-rw-r--r--files/nftables/ipv6-nat6
4 files changed, 16 insertions, 5 deletions
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
index a4c7ac7c..77d5c2a6 100644
--- a/files/nftables/Makefile.am
+++ b/files/nftables/Makefile.am
@@ -1,6 +1,7 @@
pkgsysconfdir = ${sysconfdir}/nftables
-dist_pkgsysconf_DATA = bridge-filter \
+dist_pkgsysconf_DATA = arp-filter \
+ bridge-filter \
inet-filter \
ipv4-filter \
ipv4-mangle \
diff --git a/files/nftables/arp-filter b/files/nftables/arp-filter
new file mode 100644
index 00000000..bcabf28a
--- /dev/null
+++ b/files/nftables/arp-filter
@@ -0,0 +1,6 @@
+#! @sbindir@nft -f
+
+table arp filter {
+ chain input { type filter hook input priority 0; }
+ chain output { type filter hook output priority 0; }
+}
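Review bot: The new arp-filter file has no comment saying that both base chains are empty and declare no `policy`, so they fall back to nft's default of accept and loading the file filters no ARP traffic. An administrator who sees an installed "arp filter" table could reasonably assume it enforces something, so I would add after the shebang: `# Skeleton only: both chains are empty with the default accept policy; add rules before relying on this table to restrict ARP.` The shebang `#! @sbindir@nft -f` has no slash between the substituted directory and `nft`. This matches the existing files shown as context in the ipv4-nat hunk, so presumably the substitution supplies the separator, but that is worth confirming for the new file since the install rule is outside this diff.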
diff --git a/files/nftables/ipv4-nat b/files/nftables/ipv4-nat
index 01c6c3d8..130a729b 100644
--- a/files/nftables/ipv4-nat
+++ b/files/nftables/ipv4-nat
@@ -1,6 +1,8 @@
#! @sbindir@nft -f
table nat {
- chain prerouting { type nat hook prerouting priority -150; }
- chain postrouting { type nat hook postrouting priority -150; }
+ chain prerouting { type nat hook prerouting priority -100; }
+ chain input { type nat hook input priority 100; }
+ chain output { type nat hook output priority -100; }
+ chain postrouting { type nat hook postrouting priority 100; }
}
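Review bot: The four priorities in the nat table are bare numbers with no comment, and moving prerouting/postrouting from -150 to -100/100 changes where NAT runs relative to other base chains on the same hooks. With postrouting at 100, any chain registered at priority 0 on that hook now runs before source NAT and matches on the untranslated source address. Prerouting at -100 now runs after chains at -150 instead of sharing that priority. Rulesets written against the old ordering could match differently without any error, so the file should state the intent, for example `# -100 = destination NAT (prerouting, output), 100 = source NAT (input, postrouting); same values as the iptables NAT hooks`. The same comment applies to the identical change in files/nftables/ipv6-nat.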
diff --git a/files/nftables/ipv6-nat b/files/nftables/ipv6-nat
index 3f57c56d..e7816860 100644
--- a/files/nftables/ipv6-nat
+++ b/files/nftables/ipv6-nat
@@ -1,6 +1,8 @@
#! @sbindir@nft -f
table ip6 nat {
- chain prerouting { type nat hook prerouting priority -150; }
- chain postrouting { type nat hook postrouting priority -150; }
+ chain prerouting { type nat hook prerouting priority -100; }
+ chain input { type nat hook input priority 100; }
+ chain output { type nat hook output priority -100; }
+ chain postrouting { type nat hook postrouting priority 100; }
}