summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--etc/xtables.conf2
-rw-r--r--iptables/nft.c16
2 files changed, 9 insertions, 9 deletions
diff --git a/etc/xtables.conf b/etc/xtables.conf
index 1995b69f..6aee8aa8 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -20,9 +20,9 @@ family ipv4 {
table nat {
chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
- chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
chain INPUT hook NF_INET_LOCAL_IN prio -100
chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
}
table security {
diff --git a/iptables/nft.c b/iptables/nft.c
index daa5478a..b9820f12 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -200,10 +200,10 @@ static struct builtin_table {
.name = "nat",
.chains = {
{
- .name = "OUTPUT",
+ .name = "PREROUTING",
.type = "nat",
.prio = -100, /* NF_IP_PRI_NAT_DST */
- .hook = NF_INET_LOCAL_OUT,
+ .hook = NF_INET_PRE_ROUTING,
},
{
.name = "INPUT",
@@ -212,17 +212,17 @@ static struct builtin_table {
.hook = NF_INET_LOCAL_IN,
},
{
- .name = "PREROUTING",
- .type = "nat",
- .prio = -100, /* NF_IP_PRI_NAT_DST */
- .hook = NF_INET_PRE_ROUTING,
- },
- {
.name = "POSTROUTING",
.type = "nat",
.prio = 100, /* NF_IP_PRI_NAT_SRC */
.hook = NF_INET_POST_ROUTING,
},
+ {
+ .name = "OUTPUT",
+ .type = "nat",
+ .prio = -100, /* NF_IP_PRI_NAT_DST */
+ .hook = NF_INET_LOCAL_OUT,
+ },
},
},
};