Diffstat (limited to 'files')
-rw-r--r-- | files/nftables/bridge-filter | 6 | ||||
-rw-r--r-- | files/nftables/ipv4-filter | 6 | ||||
-rw-r--r-- | files/nftables/ipv4-mangle | 6 | ||||
-rw-r--r-- | files/nftables/ipv4-nat | 6 | ||||
-rw-r--r-- | files/nftables/ipv6-filter | 6 | ||||
-rw-r--r-- | files/nftables/ipv6-mangle | 6 | ||||
-rw-r--r-- | files/nftables/ipv6-nat | 6 |
7 files changed, 23 insertions, 19 deletions
diff --git a/files/nftables/bridge-filter b/files/nftables/bridge-filter
index ca306d48..54779c4a 100644
--- a/files/nftables/bridge-filter
+++ b/files/nftables/bridge-filter
@@ -1,7 +1,7 @@
 #! nft -f
 
 table bridge filter {
- chain input { hook NF_INET_LOCAL_IN -200; }
- chain forward { hook NF_INET_FORWARD -200; }
- chain output { hook NF_INET_LOCAL_OUT 200; }
+ chain input { type filter hook input priority -200; }
+ chain forward { type filter hook forward priority -200; }
+ chain output { type filter hook output priority 200; }
 }
diff --git a/files/nftables/ipv4-filter b/files/nftables/ipv4-filter
index 3f962143..3174e7a9 100644
--- a/files/nftables/ipv4-filter
+++ b/files/nftables/ipv4-filter
@@ -1,7 +1,7 @@
 #! nft -f
 
 table filter {
- chain input { hook NF_INET_LOCAL_IN 0; }
- chain forward { hook NF_INET_FORWARD 0; }
- chain output { hook NF_INET_LOCAL_OUT 0; }
+ chain input { type filter hook input priority 0; }
+ chain forward { type filter hook forward priority 0; }
+ chain output { type filter hook output priority 0; }
 }
diff --git a/files/nftables/ipv4-mangle b/files/nftables/ipv4-mangle
index 339cacea..27327d3b 100644
--- a/files/nftables/ipv4-mangle
+++ b/files/nftables/ipv4-mangle
@@ -1,9 +1,5 @@
 #! nft -f
 
 table mangle {
- chain prerouting { hook NF_INET_PRE_ROUTING -150; }
- chain input { hook NF_INET_LOCAL_IN -150; }
- chain forward { hook NF_INET_FORWARD -150; }
- chain output { hook NF_INET_LOCAL_OUT -150; }
- chain postrouting { hook NF_INET_POST_ROUTING -150; }
+ chain output { type route hook output priority -150; }
 }
diff --git a/files/nftables/ipv4-nat b/files/nftables/ipv4-nat
new file mode 100644
index 00000000..99d69514
--- /dev/null
+++ b/files/nftables/ipv4-nat
@@ -0,0 +1,6 @@
+#! nft -f
+
+table nat {
+ chain prerouting { type nat hook prerouting priority -150; }
+ chain postrouting { type nat hook postrouting priority -150; }
+}
diff --git a/files/nftables/ipv6-filter b/files/nftables/ipv6-filter
index 9e412784..98fce02d 100644
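Review bot: The new `mangle` table in files/nftables/ipv4-mangle keeps only the `output` chain, so the `prerouting`, `input`, `forward` and `postrouting` base chains that the old file registered at priority -150 are no longer created, and a ruleset that adds rules to one of them after loading this file would not find the chain. The `route` chain type is only meaningful on the output hook, but the other four hooks can still be registered as filter-type chains at the same priority, e.g. `chain prerouting { type filter hook prerouting priority -150; }`. If dropping them is intentional, a comment in the file stating that marking on those hooks now belongs in a `type filter` chain would document the change for people migrating existing rules. The same applies to the hunk in files/nftables/ipv6-mangle.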
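Review bot: Both base chains in the new files/nftables/ipv4-nat are registered at priority -150, the value the mangle table uses, rather than the conventional netfilter NAT priorities (-100 for destination NAT on prerouting, 100 for source NAT on postrouting). With `postrouting` at -150, source translation runs before any postrouting chain registered at a higher priority value, so a chain hooked there at priority 0 would match the translated source address instead of the original one. Consider `chain prerouting { type nat hook prerouting priority -100; }` and `chain postrouting { type nat hook postrouting priority 100; }`, or add a comment explaining why -150 was chosen. The same applies to the new file files/nftables/ipv6-nat.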
--- a/files/nftables/ipv6-filter
+++ b/files/nftables/ipv6-filter
@@ -1,7 +1,7 @@
 #! nft -f
 
 table ip6 filter {
- chain input { hook NF_INET_LOCAL_IN 0; }
- chain forward { hook NF_INET_FORWARD 0; }
- chain output { hook NF_INET_LOCAL_OUT 0; }
+ chain input { type filter hook input priority 0; }
+ chain forward { type filter hook forward priority 0; }
+ chain output { type filter hook output priority 0; }
 }
diff --git a/files/nftables/ipv6-mangle b/files/nftables/ipv6-mangle
index dc18c7a8..72743532 100644
--- a/files/nftables/ipv6-mangle
+++ b/files/nftables/ipv6-mangle
@@ -1,9 +1,5 @@
 #! nft -f
 
 table ip6 mangle {
- chain prerouting { hook NF_INET_PRE_ROUTING -150; }
- chain input { hook NF_INET_LOCAL_IN -150; }
- chain forward { hook NF_INET_FORWARD -150; }
- chain output { hook NF_INET_LOCAL_OUT -150; }
- chain postrouting { hook NF_INET_POST_ROUTING -150; }
+ chain output { type route hook output priority -150; }
 }
diff --git a/files/nftables/ipv6-nat b/files/nftables/ipv6-nat
new file mode 100644
index 00000000..33ecf9b6
--- /dev/null
+++ b/files/nftables/ipv6-nat
@@ -0,0 +1,6 @@
+#! nft -f
+
+table ip6 nat {
+ chain prerouting { type nat hook prerouting priority -150; }
+ chain postrouting { type nat hook postrouting priority -150; }
+}
|