diff options
author | Simon Ruderich <simon@ruderich.org> | 2021-03-09 11:53:30 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-03-24 14:19:31 +0100 |
commit | 8c226fabc63f21c00ea07b7d484053f797ce994c (patch) | |
tree | f62fe1e3daf55992c511781c8270437af457b941 /doc/nft.txt | |
parent | b140b592cb74ce4f15ccc3850882bd7d93749109 (diff) |
doc: use symbolic names for chain priorities
This replaces the numbers with the matching symbolic names with one
exception: The NAT example used "priority 0" for the prerouting
priority. This is replaced by "dstnat" which has priority -100 which is
the new recommended priority.
Also use spaces instead of tabs for consistency in lines which require
updates.
Signed-off-by: Simon Ruderich <simon@ruderich.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/nft.txt')
-rw-r--r-- | doc/nft.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/nft.txt b/doc/nft.txt index e4f32179..55747036 100644 --- a/doc/nft.txt +++ b/doc/nft.txt @@ -319,7 +319,7 @@ nft --interactive create table inet mytable # add a new base chain: get input packets -add chain inet mytable myin { type filter hook input priority 0; } +add chain inet mytable myin { type filter hook input priority filter; } # add a single counter to the chain add rule inet mytable myin counter @@ -487,7 +487,7 @@ nft add rule ip filter output ip daddr 192.168.0.0/24 accept # nft -a list ruleset table inet filter { chain input { - type filter hook input priority 0; policy accept; + type filter hook input priority filter; policy accept; ct state established,related accept # handle 4 ip saddr 10.1.1.1 tcp dport ssh accept # handle 5 ... |