-rw-r--r--files/nftables/bridge-filter6
-rw-r--r--files/nftables/ipv4-filter6
-rw-r--r--files/nftables/ipv4-mangle6
-rw-r--r--files/nftables/ipv4-nat6
-rw-r--r--files/nftables/ipv6-filter6
-rw-r--r--files/nftables/ipv6-mangle6
-rw-r--r--files/nftables/ipv6-nat6
7 files changed, 23 insertions, 19 deletions
diff --git a/files/nftables/bridge-filter b/files/nftables/bridge-filter
index ca306d48..54779c4a 100644
--- a/files/nftables/bridge-filter
+++ b/files/nftables/bridge-filter
@@ -1,7 +1,7 @@
#! nft -f
table bridge filter {
- chain input { hook NF_INET_LOCAL_IN -200; }
- chain forward { hook NF_INET_FORWARD -200; }
- chain output { hook NF_INET_LOCAL_OUT 200; }
+ chain input { type filter hook input priority -200; }
+ chain forward { type filter hook forward priority -200; }
+ chain output { type filter hook output priority 200; }
}
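Review bot: None of the three base chains on the new side sets a policy, so each one accepts every frame that no rule explicitly drops. The file should say so, for instance with a comment above the table such as `# base chains have no policy: anything not dropped by a rule is accepted`. The same applies to the input/forward/output chains in ipv4-filter and ipv6-filter. A second short comment on why output sits at priority 200 while input and forward sit at -200 would also help, since the asymmetry reads like a typo unless it is meant to mirror the bridge filter priorities.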
diff --git a/files/nftables/ipv4-filter b/files/nftables/ipv4-filter
index 3f962143..3174e7a9 100644
--- a/files/nftables/ipv4-filter
+++ b/files/nftables/ipv4-filter
@@ -1,7 +1,7 @@
#! nft -f
table filter {
- chain input { hook NF_INET_LOCAL_IN 0; }
- chain forward { hook NF_INET_FORWARD 0; }
- chain output { hook NF_INET_LOCAL_OUT 0; }
+ chain input { type filter hook input priority 0; }
+ chain forward { type filter hook forward priority 0; }
+ chain output { type filter hook output priority 0; }
}
diff --git a/files/nftables/ipv4-mangle b/files/nftables/ipv4-mangle
index 339cacea..27327d3b 100644
--- a/files/nftables/ipv4-mangle
+++ b/files/nftables/ipv4-mangle
@@ -1,9 +1,5 @@
#! nft -f
table mangle {
- chain prerouting { hook NF_INET_PRE_ROUTING -150; }
- chain input { hook NF_INET_LOCAL_IN -150; }
- chain forward { hook NF_INET_FORWARD -150; }
- chain output { hook NF_INET_LOCAL_OUT -150; }
- chain postrouting { hook NF_INET_POST_ROUTING -150; }
+ chain output { type route hook output priority -150; }
}
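Review bot: The new mangle table keeps only `output`, so the prerouting, input, forward and postrouting chains disappear. Any rule set that still adds rules to `mangle prerouting` (or the other three) will presumably fail to load after this change. If the removal is forced by `type route` being limited to the output hook, the other hooks could stay as filter-type chains at the same priority, e.g. `chain prerouting { type filter hook prerouting priority -150; }`, provided the nft version in use accepts that. Otherwise a comment in the file stating that packet marking before routing is no longer available here would prevent silent gaps. ipv6-mangle has the same reduction.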
diff --git a/files/nftables/ipv4-nat b/files/nftables/ipv4-nat
new file mode 100644
index 00000000..99d69514
--- /dev/null
+++ b/files/nftables/ipv4-nat
@@ -0,0 +1,6 @@
+#! nft -f
+
+table nat {
+ chain prerouting { type nat hook prerouting priority -150; }
+ chain postrouting { type nat hook postrouting priority -150; }
+}
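Review bot: Both nat chains are registered at priority -150, which is the value the mangle table in this commit uses, rather than the conventional -100 for destination NAT and 100 for source NAT. With postrouting at -150 the source translation happens before any chain at priority 0 on that hook, so later rules there would match the translated address instead of the original one. Consider `chain prerouting { type nat hook prerouting priority -100; }` and `chain postrouting { type nat hook postrouting priority 100; }`. ipv6-nat uses the same values and would need the same change.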
diff --git a/files/nftables/ipv6-filter b/files/nftables/ipv6-filter
index 9e412784..98fce02d 100644
--- a/files/nftables/ipv6-filter
+++ b/files/nftables/ipv6-filter
@@ -1,7 +1,7 @@
#! nft -f
table ip6 filter {
- chain input { hook NF_INET_LOCAL_IN 0; }
- chain forward { hook NF_INET_FORWARD 0; }
- chain output { hook NF_INET_LOCAL_OUT 0; }
+ chain input { type filter hook input priority 0; }
+ chain forward { type filter hook forward priority 0; }
+ chain output { type filter hook output priority 0; }
}
diff --git a/files/nftables/ipv6-mangle b/files/nftables/ipv6-mangle
index dc18c7a8..72743532 100644
--- a/files/nftables/ipv6-mangle
+++ b/files/nftables/ipv6-mangle
@@ -1,9 +1,5 @@
#! nft -f
table ip6 mangle {
- chain prerouting { hook NF_INET_PRE_ROUTING -150; }
- chain input { hook NF_INET_LOCAL_IN -150; }
- chain forward { hook NF_INET_FORWARD -150; }
- chain output { hook NF_INET_LOCAL_OUT -150; }
- chain postrouting { hook NF_INET_POST_ROUTING -150; }
+ chain output { type route hook output priority -150; }
}
diff --git a/files/nftables/ipv6-nat b/files/nftables/ipv6-nat
new file mode 100644
index 00000000..33ecf9b6
--- /dev/null
+++ b/files/nftables/ipv6-nat
@@ -0,0 +1,6 @@
+#! nft -f
+
+table ip6 nat {
+ chain prerouting { type nat hook prerouting priority -150; }
+ chain postrouting { type nat hook postrouting priority -150; }
+}