author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-13 11:39:48 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-13 11:39:48 +0100 |
commit | 03091e55a0d949e35a723dadbd6fd0f78ddf3a8c (patch) | |
tree | 3ddb3b5d5813261bf8830a923a360ff50b3bb4b8 /etc | |
parent | 2e5babbfaddb267523c8450acf51c06f00f492c7 (diff) | |
parent | 1835790d7f7517f4c101e1c1f3df5519a6c228e7 (diff) |
Merge branch 'nft-compat'
This merges the branch that contains the iptables over nftables
compatibility layer into master.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/xtables.conf | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf
new file mode 100644
index 00000000..d37b0d7c
--- /dev/null
+++ b/etc/xtables.conf
@@ -0,0 +1,75 @@
+family ipv4 {
+ table raw {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
+ }
+
+ table mangle {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
+ chain INPUT hook NF_INET_LOCAL_IN prio -150
+ chain FORWARD hook NF_INET_FORWARD prio -150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
+ }
+
+ table filter {
+ chain INPUT hook NF_INET_LOCAL_IN prio 0
+ chain FORWARD hook NF_INET_FORWARD prio 0
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
+ }
+
+ table nat {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
+ chain INPUT hook NF_INET_LOCAL_IN prio -100
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
+ }
+
+ table security {
+ chain INPUT hook NF_INET_LOCAL_IN prio 50
+ chain FORWARD hook NF_INET_FORWARD prio 50
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
+ }
+}
+
+family ipv6 {
+ table raw {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
+ }
+
+ table mangle {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
+ chain INPUT hook NF_INET_LOCAL_IN prio -150
+ chain FORWARD hook NF_INET_FORWARD prio -150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
+ }
+
+ table filter {
+ chain INPUT hook NF_INET_LOCAL_IN prio 0
+ chain FORWARD hook NF_INET_FORWARD prio 0
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
+ }
+
+ table nat {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
+ chain INPUT hook NF_INET_LOCAL_IN prio -100
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
+ }
+
+ table security {
+ chain INPUT hook NF_INET_LOCAL_IN prio 50
+ chain FORWARD hook NF_INET_FORWARD prio 50
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
+ }
+}
+
+family arp {
+ table filter {
+ chain INPUT hook NF_ARP_IN prio 0
+ chain FORWARD hook NF_ARP_FORWARD prio 0
+ chain OUTPUT hook NF_ARP_OUT prio 0
+ }
+}
\ No newline at end of file |
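Review bot: In `table nat` the INPUT and OUTPUT priorities look swapped relative to the legacy nat table, in both the `family ipv4` and `family ipv6` blocks. As far as I recall, legacy iptable_nat does destination NAT on LOCAL_OUT at -100 and source NAT on LOCAL_IN at 100, whereas this file sets INPUT to -100 and OUTPUT to 100. With OUTPUT at 100, the filter (prio 0) and security (prio 50) OUTPUT chains would run before DNAT on locally generated traffic, so rules matching on destination would see the pre-NAT address and an existing ruleset could silently allow or drop different packets than under legacy iptables. If compatibility is the goal, the lines should read `chain INPUT hook NF_INET_LOCAL_IN prio 100` and `chain OUTPUT hook NF_INET_LOCAL_OUT prio -100`; this is worth confirming against the kernel's hook registration before relying on it.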