From bd9445863cb7586dfc9bafa64013d8636f838444 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 14 Mar 2017 20:12:30 +0100
Subject: files: provide 'raw' table equivalent

useful for the 'ct zone set' statement, it has to be done before
the conntrack lookup but preferrably after the defragmention hook.

In iptables, the functionality resides in the CT target which is
restricted to the raw table.  This provides the skeleton for nft.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 files/nftables/ipv4-raw | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 files/nftables/ipv4-raw

(limited to 'files/nftables/ipv4-raw')

diff --git a/files/nftables/ipv4-raw b/files/nftables/ipv4-raw
new file mode 100644
index 00000000..19773ee8
--- /dev/null
+++ b/files/nftables/ipv4-raw
@@ -0,0 +1,6 @@
+#! @sbindir@nft -f
+
+table raw {
+	chain prerouting	{ type filter hook prerouting priority -300; }
+	chain output		{ type filter hook output priority -300; }
+}
-- 
cgit v1.2.3