From c06413211e6f5f8720fa75909f84b6c0b8c17d68 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 23 Aug 2017 17:54:19 +0200
Subject: files: add arp filter and add in/output to nat skeleton

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 files/nftables/ipv4-nat | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'files/nftables/ipv4-nat')

diff --git a/files/nftables/ipv4-nat b/files/nftables/ipv4-nat
index 01c6c3d8..130a729b 100644
--- a/files/nftables/ipv4-nat
+++ b/files/nftables/ipv4-nat
@@ -1,6 +1,8 @@
 #! @sbindir@nft -f
 
 table nat {
-	chain prerouting	{ type nat hook prerouting priority -150; }
-	chain postrouting	{ type nat hook postrouting priority -150; }
+	chain prerouting	{ type nat hook prerouting priority -100; }
+	chain input		{ type nat hook input priority 100; }
+	chain output		{ type nat hook output priority -100; }
+	chain postrouting	{ type nat hook postrouting priority 100; }
 }
-- 
cgit v1.2.3