diff options
author | Florian Westphal <fw@strlen.de> | 2018-05-02 18:29:51 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-05-04 23:24:55 +0200 |
commit | b633ef9ac0cfaf9371374a9826493db114307b81 (patch) | |
tree | a658d6b7acfa3d916abb07e06a2d6354c8efeaf7 /etc | |
parent | 7af21782bb6fc3480909120c20a55164248a9608 (diff) |
xtables.conf: fix hook skeletons
nat prio for in/out were inverted.
arp no longer has a forward chain.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/xtables.conf | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf index d37b0d7c..3c54ced0 100644 --- a/etc/xtables.conf +++ b/etc/xtables.conf @@ -20,8 +20,8 @@ family ipv4 { table nat { chain PREROUTING hook NF_INET_PRE_ROUTING prio -100 - chain INPUT hook NF_INET_LOCAL_IN prio -100 - chain OUTPUT hook NF_INET_LOCAL_OUT prio 100 + chain INPUT hook NF_INET_LOCAL_IN prio 100 + chain OUTPUT hook NF_INET_LOCAL_OUT prio -100 chain POSTROUTING hook NF_INET_POST_ROUTING prio 100 } @@ -54,8 +54,8 @@ family ipv6 { table nat { chain PREROUTING hook NF_INET_PRE_ROUTING prio -100 - chain INPUT hook NF_INET_LOCAL_IN prio -100 - chain OUTPUT hook NF_INET_LOCAL_OUT prio 100 + chain INPUT hook NF_INET_LOCAL_IN prio 100 + chain OUTPUT hook NF_INET_LOCAL_OUT prio -100 chain POSTROUTING hook NF_INET_POST_ROUTING prio 100 } @@ -69,7 +69,6 @@ family ipv6 { family arp { table filter { chain INPUT hook NF_ARP_IN prio 0 - chain FORWARD hook NF_ARP_FORWARD prio 0 chain OUTPUT hook NF_ARP_OUT prio 0 } -}
\ No newline at end of file +} |