author Phil Sutter <phil@nwl.cc> 2023-03-09 14:44:21 +0100
committer Phil Sutter <phil@nwl.cc> 2023-03-10 12:25:03 +0100
commit 5d795c183c02332d3b30e08e23f3fb47ad8be6bb (patch)
tree 9250d348abdfb8d7fe9d0e1c228922c4f23a4732 /doc
parent a96404358f74d67d6b96758f4b236fec9c4fea45 (diff)

doc: nft.8: Document lower priority limit for nat type chains

Users can't know the magic limit.

Signed-off-by: Phil Sutter <phil@nwl.cc>

Diffstat (limited to 'doc')
-rw-r--r-- doc/nft.txt 3
1 files changed, 3 insertions, 0 deletions

diff --git a/doc/nft.txt b/doc/nft.txt
index 7de4935b..0d60c752 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -439,6 +439,9 @@ name which specifies the order in which chains with the same *hook* value are
traversed. The ordering is ascending, i.e. lower priority values have precedence
over higher ones.
+With *nat* type chains, there's a lower excluding limit of -200 for *priority*
+values, because conntrack hooks at this priority and NAT requires it.
+
Standard priority values can be replaced with easily memorizable names. Not all
names make sense in every family with every hook (see the compatibility matrices
below) but their numerical value can still be used for prioritizing chains.
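
Review bot: In the two added lines, "lower excluding limit of -200" is easy to misread; it would be clearer to say directly that *priority* for *nat* type chains must be greater than -200 and that -200 itself is not accepted. The "it" in "NAT requires it" is also ambiguous: spell out what NAT requires (presumably that conntrack has already run at that hook, given the ascending ordering described just above). Since the commit message says users can't know the limit otherwise, consider also mentioning what a user sees when a *nat* chain is declared with a priority at or below the limit.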