files: add arp filter and add in/output to nat skeleton

Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2017-08-23 17:54:19 +0200
committer: Florian Westphal <fw@strlen.de> 2017-08-23 23:42:13 +0200
commit: c06413211e6f5f8720fa75909f84b6c0b8c17d68 (patch)
tree: a41990f4cb9943d3eb16e0cec9679ee8aa9b8dc4 /files/nftables/ipv4-nat
parent: 17841a1975cd1c4346f243144f775a8cb17c50b5 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/files/nftables/ipv4-nat b/files/nftables/ipv4-nat
index 01c6c3d8..130a729b 100644
--- a/files/nftables/ipv4-nat
+++ b/files/nftables/ipv4-nat
@@ -1,6 +1,8 @@
 #! @sbindir@nft -f
 
 table nat {
-	chain prerouting	{ type nat hook prerouting priority -150; }
-	chain postrouting	{ type nat hook postrouting priority -150; }
+	chain prerouting	{ type nat hook prerouting priority -100; }
+	chain input		{ type nat hook input priority 100; }
+	chain output		{ type nat hook output priority -100; }
+	chain postrouting	{ type nat hook postrouting priority 100; }
 }
author	Florian Westphal <fw@strlen.de>	2017-08-23 17:54:19 +0200
committer	Florian Westphal <fw@strlen.de>	2017-08-23 23:42:13 +0200
commit	c06413211e6f5f8720fa75909f84b6c0b8c17d68 (patch)
tree	a41990f4cb9943d3eb16e0cec9679ee8aa9b8dc4 /files/nftables/ipv4-nat
parent	17841a1975cd1c4346f243144f775a8cb17c50b5 (diff)