From 34ce4e4a7bb61dbf8ce7b3d018a36ab08fb6faf3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1t=C3=A9=20Eckl?= <ecklm94@gmail.com>
Date: Fri, 24 Aug 2018 17:47:15 +0200
Subject: test: shell: Test cases for standard chain prios
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/chains/0021prio_0            |   97 ++
 tests/shell/testcases/chains/0022prio_dummy_1      |    7 +
 .../shell/testcases/chains/0023prio_inet_srcnat_1  |   16 +
 .../shell/testcases/chains/0024prio_inet_dstnat_1  |   16 +
 tests/shell/testcases/chains/0025prio_arp_1        |   17 +
 tests/shell/testcases/chains/0026prio_netdev_1     |   15 +
 .../testcases/chains/0027prio_bridge_dstnat_1      |   15 +
 tests/shell/testcases/chains/0028prio_bridge_out_1 |   15 +
 .../testcases/chains/0029prio_bridge_srcnat_1      |   15 +
 tests/shell/testcases/chains/dumps/0021prio_0.nft  | 1546 ++++++++++++++++++++
 10 files changed, 1759 insertions(+)
 create mode 100755 tests/shell/testcases/chains/0021prio_0
 create mode 100755 tests/shell/testcases/chains/0022prio_dummy_1
 create mode 100755 tests/shell/testcases/chains/0023prio_inet_srcnat_1
 create mode 100755 tests/shell/testcases/chains/0024prio_inet_dstnat_1
 create mode 100755 tests/shell/testcases/chains/0025prio_arp_1
 create mode 100755 tests/shell/testcases/chains/0026prio_netdev_1
 create mode 100755 tests/shell/testcases/chains/0027prio_bridge_dstnat_1
 create mode 100755 tests/shell/testcases/chains/0028prio_bridge_out_1
 create mode 100755 tests/shell/testcases/chains/0029prio_bridge_srcnat_1
 create mode 100644 tests/shell/testcases/chains/dumps/0021prio_0.nft

(limited to 'tests/shell/testcases/chains')

diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0
new file mode 100755
index 00000000..ada1d92a
--- /dev/null
+++ b/tests/shell/testcases/chains/0021prio_0
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+set -e
+
+format_offset () {
+	i=$1
+	if ((i == 0))
+	then
+		echo ""
+	elif ((i > 0))
+	then
+		echo "+$i"
+	else
+		echo "$i"
+	fi
+}
+
+chainname () {
+	hook=$1
+	prioname=$2
+	priooffset=$3
+
+	echo "${hook}${prioname}${priooffset}" | tr "\-+" "mp"
+}
+
+gen_chains () {
+	family=$1
+	hook=$2
+	prioname=$3
+
+	for i in -11 -10 0 10 11
+	do
+		offset=`format_offset $i`
+		$NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook priority $prioname $offset; }"
+	done
+}
+
+for family in ip ip6 inet
+do
+	$NFT add table $family x
+	for hook in prerouting input forward output postrouting
+	do
+		for prioname in raw mangle filter security
+		do
+			gen_chains $family $hook $prioname
+		done
+	done
+
+	hook=prerouting
+		prioname=dstnat
+			gen_chains $family $hook $prioname
+
+	hook=postrouting
+		prioname=srcnat
+			gen_chains $family $hook $prioname
+done
+
+
+family=arp
+	$NFT add table $family x
+	for hook in input output
+	do
+		prioname=filter
+			gen_chains $family $hook $prioname
+	done
+
+
+family=netdev
+	$NFT add table $family x
+	hook=ingress
+		prioname=filter
+			for i in -11 -10 0 10 11
+			do
+				offset=`format_offset $i`
+				$NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook device lo priority $prioname $offset; }"
+			done
+
+family=bridge
+	$NFT add table $family x
+	for hook in prerouting input forward output postrouting
+	do
+		prioname=filter
+			gen_chains $family $hook $prioname
+	done
+
+	hook=prerouting
+		prioname=dstnat
+			gen_chains $family $hook $prioname
+
+	hook=output
+		prioname=out
+			gen_chains $family $hook $prioname
+
+	hook=postrouting
+		prioname=srcnat
+			gen_chains $family $hook $prioname
+
diff --git a/tests/shell/testcases/chains/0022prio_dummy_1 b/tests/shell/testcases/chains/0022prio_dummy_1
new file mode 100755
index 00000000..ecdd9456
--- /dev/null
+++ b/tests/shell/testcases/chains/0022prio_dummy_1
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table ip x
+$NFT add chain ip x y "{ type filter hook input priority dummy+1; }" &> /dev/null
+echo "E: dummy should not be a valid priority." >&2
diff --git a/tests/shell/testcases/chains/0023prio_inet_srcnat_1 b/tests/shell/testcases/chains/0023prio_inet_srcnat_1
new file mode 100755
index 00000000..fa53f7a7
--- /dev/null
+++ b/tests/shell/testcases/chains/0023prio_inet_srcnat_1
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+for family in ip ip6 inet
+do
+	for hook in prerouting input forward output
+	do
+		$NFT add table $family x
+		$NFT add chain $family x y "{ type filter hook $hook priority srcnat; }" &> /dev/null
+		if (($? == 0))
+		then
+			echo "E: srcnat should not be a valid priority name in $family $hook chains." >&2
+			exit 0
+		fi
+	done
+done
+exit 1
diff --git a/tests/shell/testcases/chains/0024prio_inet_dstnat_1 b/tests/shell/testcases/chains/0024prio_inet_dstnat_1
new file mode 100755
index 00000000..a9a7264a
--- /dev/null
+++ b/tests/shell/testcases/chains/0024prio_inet_dstnat_1
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+for family in ip ip6 inet
+do
+	for hook in input forward output postrouting
+	do
+		$NFT add table $family x
+		$NFT add chain $family x y "{ type filter hook $hook priority dstnat; }" &> /dev/null
+		if (($? == 0))
+		then
+			echo "E: dstnat should not be a valid priority name in $family $hook chains." >&2
+			exit 0
+		fi
+	done
+done
+exit 1
diff --git a/tests/shell/testcases/chains/0025prio_arp_1 b/tests/shell/testcases/chains/0025prio_arp_1
new file mode 100755
index 00000000..8c671d55
--- /dev/null
+++ b/tests/shell/testcases/chains/0025prio_arp_1
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+family=arp
+	for hook in input output
+	do
+		for prioname in raw mangle dstnat security srcnat
+		do
+			$NFT add table $family x
+			$NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null
+			if (($? == 0))
+			then
+				echo "E: $prioname should not be a valid priority name for arp family chains." >&2
+				exit 0
+			fi
+		done
+	done
+exit 1
diff --git a/tests/shell/testcases/chains/0026prio_netdev_1 b/tests/shell/testcases/chains/0026prio_netdev_1
new file mode 100755
index 00000000..ae022830
--- /dev/null
+++ b/tests/shell/testcases/chains/0026prio_netdev_1
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+family=netdev
+	hook=ingress
+		for prioname in raw mangle dstnat security srcnat
+		do
+			$NFT add table $family x
+			$NFT add chain $family x y "{ type filter hook $hook device lo priority $prioname; }" &> /dev/null
+			if (($? == 0))
+			then
+				echo "E: $prioname should not be a valid priority name for netdev family chains." >&2
+				exit 0
+			fi
+		done
+exit 1
diff --git a/tests/shell/testcases/chains/0027prio_bridge_dstnat_1 b/tests/shell/testcases/chains/0027prio_bridge_dstnat_1
new file mode 100755
index 00000000..df0b6950
--- /dev/null
+++ b/tests/shell/testcases/chains/0027prio_bridge_dstnat_1
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+family=bridge
+	for hook in input forward output postrouting
+	do
+		prioname=dstnat
+			$NFT add table $family x
+			$NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null
+			if (($? == 0))
+			then
+				echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2
+				exit 0
+			fi
+	done
+exit 1
diff --git a/tests/shell/testcases/chains/0028prio_bridge_out_1 b/tests/shell/testcases/chains/0028prio_bridge_out_1
new file mode 100755
index 00000000..06fdbebb
--- /dev/null
+++ b/tests/shell/testcases/chains/0028prio_bridge_out_1
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+family=bridge
+	for hook in prerouting input forward postrouting
+	do
+		prioname=out
+			$NFT add table $family x
+			$NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null
+			if (($? == 0))
+			then
+				echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2
+				exit 0
+			fi
+	done
+exit 1
diff --git a/tests/shell/testcases/chains/0029prio_bridge_srcnat_1 b/tests/shell/testcases/chains/0029prio_bridge_srcnat_1
new file mode 100755
index 00000000..8896a7cf
--- /dev/null
+++ b/tests/shell/testcases/chains/0029prio_bridge_srcnat_1
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+family=bridge
+	for hook in prerouting input forward output
+	do
+		prioname=srcnat
+			$NFT add table $family x
+			$NFT add chain $family x y "{ type filter hook $hook priority $prioname; }" &> /dev/null
+			if (($? == 0))
+			then
+				echo "E: $prioname should not be a valid priority name for bridge $hook chains." >&2
+				exit 0
+			fi
+	done
+exit 1
diff --git a/tests/shell/testcases/chains/dumps/0021prio_0.nft b/tests/shell/testcases/chains/dumps/0021prio_0.nft
new file mode 100644
index 00000000..20125ba0
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0021prio_0.nft
@@ -0,0 +1,1546 @@
+table ip x {
+	chain preroutingrawm11 {
+		type filter hook prerouting priority -311; policy accept;
+	}
+
+	chain preroutingrawm10 {
+		type filter hook prerouting priority raw - 10; policy accept;
+	}
+
+	chain preroutingraw {
+		type filter hook prerouting priority raw; policy accept;
+	}
+
+	chain preroutingrawp10 {
+		type filter hook prerouting priority raw + 10; policy accept;
+	}
+
+	chain preroutingrawp11 {
+		type filter hook prerouting priority -289; policy accept;
+	}
+
+	chain preroutingmanglem11 {
+		type filter hook prerouting priority -161; policy accept;
+	}
+
+	chain preroutingmanglem10 {
+		type filter hook prerouting priority mangle - 10; policy accept;
+	}
+
+	chain preroutingmangle {
+		type filter hook prerouting priority mangle; policy accept;
+	}
+
+	chain preroutingmanglep10 {
+		type filter hook prerouting priority mangle + 10; policy accept;
+	}
+
+	chain preroutingmanglep11 {
+		type filter hook prerouting priority -139; policy accept;
+	}
+
+	chain preroutingfilterm11 {
+		type filter hook prerouting priority -11; policy accept;
+	}
+
+	chain preroutingfilterm10 {
+		type filter hook prerouting priority filter - 10; policy accept;
+	}
+
+	chain preroutingfilter {
+		type filter hook prerouting priority filter; policy accept;
+	}
+
+	chain preroutingfilterp10 {
+		type filter hook prerouting priority filter + 10; policy accept;
+	}
+
+	chain preroutingfilterp11 {
+		type filter hook prerouting priority 11; policy accept;
+	}
+
+	chain preroutingsecuritym11 {
+		type filter hook prerouting priority 39; policy accept;
+	}
+
+	chain preroutingsecuritym10 {
+		type filter hook prerouting priority security - 10; policy accept;
+	}
+
+	chain preroutingsecurity {
+		type filter hook prerouting priority security; policy accept;
+	}
+
+	chain preroutingsecurityp10 {
+		type filter hook prerouting priority security + 10; policy accept;
+	}
+
+	chain preroutingsecurityp11 {
+		type filter hook prerouting priority 61; policy accept;
+	}
+
+	chain inputrawm11 {
+		type filter hook input priority -311; policy accept;
+	}
+
+	chain inputrawm10 {
+		type filter hook input priority raw - 10; policy accept;
+	}
+
+	chain inputraw {
+		type filter hook input priority raw; policy accept;
+	}
+
+	chain inputrawp10 {
+		type filter hook input priority raw + 10; policy accept;
+	}
+
+	chain inputrawp11 {
+		type filter hook input priority -289; policy accept;
+	}
+
+	chain inputmanglem11 {
+		type filter hook input priority -161; policy accept;
+	}
+
+	chain inputmanglem10 {
+		type filter hook input priority mangle - 10; policy accept;
+	}
+
+	chain inputmangle {
+		type filter hook input priority mangle; policy accept;
+	}
+
+	chain inputmanglep10 {
+		type filter hook input priority mangle + 10; policy accept;
+	}
+
+	chain inputmanglep11 {
+		type filter hook input priority -139; policy accept;
+	}
+
+	chain inputfilterm11 {
+		type filter hook input priority -11; policy accept;
+	}
+
+	chain inputfilterm10 {
+		type filter hook input priority filter - 10; policy accept;
+	}
+
+	chain inputfilter {
+		type filter hook input priority filter; policy accept;
+	}
+
+	chain inputfilterp10 {
+		type filter hook input priority filter + 10; policy accept;
+	}
+
+	chain inputfilterp11 {
+		type filter hook input priority 11; policy accept;
+	}
+
+	chain inputsecuritym11 {
+		type filter hook input priority 39; policy accept;
+	}
+
+	chain inputsecuritym10 {
+		type filter hook input priority security - 10; policy accept;
+	}
+
+	chain inputsecurity {
+		type filter hook input priority security; policy accept;
+	}
+
+	chain inputsecurityp10 {
+		type filter hook input priority security + 10; policy accept;
+	}
+
+	chain inputsecurityp11 {
+		type filter hook input priority 61; policy accept;
+	}
+
+	chain forwardrawm11 {
+		type filter hook forward priority -311; policy accept;
+	}
+
+	chain forwardrawm10 {
+		type filter hook forward priority raw - 10; policy accept;
+	}
+
+	chain forwardraw {
+		type filter hook forward priority raw; policy accept;
+	}
+
+	chain forwardrawp10 {
+		type filter hook forward priority raw + 10; policy accept;
+	}
+
+	chain forwardrawp11 {
+		type filter hook forward priority -289; policy accept;
+	}
+
+	chain forwardmanglem11 {
+		type filter hook forward priority -161; policy accept;
+	}
+
+	chain forwardmanglem10 {
+		type filter hook forward priority mangle - 10; policy accept;
+	}
+
+	chain forwardmangle {
+		type filter hook forward priority mangle; policy accept;
+	}
+
+	chain forwardmanglep10 {
+		type filter hook forward priority mangle + 10; policy accept;
+	}
+
+	chain forwardmanglep11 {
+		type filter hook forward priority -139; policy accept;
+	}
+
+	chain forwardfilterm11 {
+		type filter hook forward priority -11; policy accept;
+	}
+
+	chain forwardfilterm10 {
+		type filter hook forward priority filter - 10; policy accept;
+	}
+
+	chain forwardfilter {
+		type filter hook forward priority filter; policy accept;
+	}
+
+	chain forwardfilterp10 {
+		type filter hook forward priority filter + 10; policy accept;
+	}
+
+	chain forwardfilterp11 {
+		type filter hook forward priority 11; policy accept;
+	}
+
+	chain forwardsecuritym11 {
+		type filter hook forward priority 39; policy accept;
+	}
+
+	chain forwardsecuritym10 {
+		type filter hook forward priority security - 10; policy accept;
+	}
+
+	chain forwardsecurity {
+		type filter hook forward priority security; policy accept;
+	}
+
+	chain forwardsecurityp10 {
+		type filter hook forward priority security + 10; policy accept;
+	}
+
+	chain forwardsecurityp11 {
+		type filter hook forward priority 61; policy accept;
+	}
+
+	chain outputrawm11 {
+		type filter hook output priority -311; policy accept;
+	}
+
+	chain outputrawm10 {
+		type filter hook output priority raw - 10; policy accept;
+	}
+
+	chain outputraw {
+		type filter hook output priority raw; policy accept;
+	}
+
+	chain outputrawp10 {
+		type filter hook output priority raw + 10; policy accept;
+	}
+
+	chain outputrawp11 {
+		type filter hook output priority -289; policy accept;
+	}
+
+	chain outputmanglem11 {
+		type filter hook output priority -161; policy accept;
+	}
+
+	chain outputmanglem10 {
+		type filter hook output priority mangle - 10; policy accept;
+	}
+
+	chain outputmangle {
+		type filter hook output priority mangle; policy accept;
+	}
+
+	chain outputmanglep10 {
+		type filter hook output priority mangle + 10; policy accept;
+	}
+
+	chain outputmanglep11 {
+		type filter hook output priority -139; policy accept;
+	}
+
+	chain outputfilterm11 {
+		type filter hook output priority -11; policy accept;
+	}
+
+	chain outputfilterm10 {
+		type filter hook output priority filter - 10; policy accept;
+	}
+
+	chain outputfilter {
+		type filter hook output priority filter; policy accept;
+	}
+
+	chain outputfilterp10 {
+		type filter hook output priority filter + 10; policy accept;
+	}
+
+	chain outputfilterp11 {
+		type filter hook output priority 11; policy accept;
+	}
+
+	chain outputsecuritym11 {
+		type filter hook output priority 39; policy accept;
+	}
+
+	chain outputsecuritym10 {
+		type filter hook output priority security - 10; policy accept;
+	}
+
+	chain outputsecurity {
+		type filter hook output priority security; policy accept;
+	}
+
+	chain outputsecurityp10 {
+		type filter hook output priority security + 10; policy accept;
+	}
+
+	chain outputsecurityp11 {
+		type filter hook output priority 61; policy accept;
+	}
+
+	chain postroutingrawm11 {
+		type filter hook postrouting priority -311; policy accept;
+	}
+
+	chain postroutingrawm10 {
+		type filter hook postrouting priority raw - 10; policy accept;
+	}
+
+	chain postroutingraw {
+		type filter hook postrouting priority raw; policy accept;
+	}
+
+	chain postroutingrawp10 {
+		type filter hook postrouting priority raw + 10; policy accept;
+	}
+
+	chain postroutingrawp11 {
+		type filter hook postrouting priority -289; policy accept;
+	}
+
+	chain postroutingmanglem11 {
+		type filter hook postrouting priority -161; policy accept;
+	}
+
+	chain postroutingmanglem10 {
+		type filter hook postrouting priority mangle - 10; policy accept;
+	}
+
+	chain postroutingmangle {
+		type filter hook postrouting priority mangle; policy accept;
+	}
+
+	chain postroutingmanglep10 {
+		type filter hook postrouting priority mangle + 10; policy accept;
+	}
+
+	chain postroutingmanglep11 {
+		type filter hook postrouting priority -139; policy accept;
+	}
+
+	chain postroutingfilterm11 {
+		type filter hook postrouting priority -11; policy accept;
+	}
+
+	chain postroutingfilterm10 {
+		type filter hook postrouting priority filter - 10; policy accept;
+	}
+
+	chain postroutingfilter {
+		type filter hook postrouting priority filter; policy accept;
+	}
+
+	chain postroutingfilterp10 {
+		type filter hook postrouting priority filter + 10; policy accept;
+	}
+
+	chain postroutingfilterp11 {
+		type filter hook postrouting priority 11; policy accept;
+	}
+
+	chain postroutingsecuritym11 {
+		type filter hook postrouting priority 39; policy accept;
+	}
+
+	chain postroutingsecuritym10 {
+		type filter hook postrouting priority security - 10; policy accept;
+	}
+
+	chain postroutingsecurity {
+		type filter hook postrouting priority security; policy accept;
+	}
+
+	chain postroutingsecurityp10 {
+		type filter hook postrouting priority security + 10; policy accept;
+	}
+
+	chain postroutingsecurityp11 {
+		type filter hook postrouting priority 61; policy accept;
+	}
+
+	chain preroutingdstnatm11 {
+		type filter hook prerouting priority -111; policy accept;
+	}
+
+	chain preroutingdstnatm10 {
+		type filter hook prerouting priority dstnat - 10; policy accept;
+	}
+
+	chain preroutingdstnat {
+		type filter hook prerouting priority dstnat; policy accept;
+	}
+
+	chain preroutingdstnatp10 {
+		type filter hook prerouting priority dstnat + 10; policy accept;
+	}
+
+	chain preroutingdstnatp11 {
+		type filter hook prerouting priority -89; policy accept;
+	}
+
+	chain postroutingsrcnatm11 {
+		type filter hook postrouting priority 89; policy accept;
+	}
+
+	chain postroutingsrcnatm10 {
+		type filter hook postrouting priority srcnat - 10; policy accept;
+	}
+
+	chain postroutingsrcnat {
+		type filter hook postrouting priority srcnat; policy accept;
+	}
+
+	chain postroutingsrcnatp10 {
+		type filter hook postrouting priority srcnat + 10; policy accept;
+	}
+
+	chain postroutingsrcnatp11 {
+		type filter hook postrouting priority 111; policy accept;
+	}
+}
+table ip6 x {
+	chain preroutingrawm11 {
+		type filter hook prerouting priority -311; policy accept;
+	}
+
+	chain preroutingrawm10 {
+		type filter hook prerouting priority raw - 10; policy accept;
+	}
+
+	chain preroutingraw {
+		type filter hook prerouting priority raw; policy accept;
+	}
+
+	chain preroutingrawp10 {
+		type filter hook prerouting priority raw + 10; policy accept;
+	}
+
+	chain preroutingrawp11 {
+		type filter hook prerouting priority -289; policy accept;
+	}
+
+	chain preroutingmanglem11 {
+		type filter hook prerouting priority -161; policy accept;
+	}
+
+	chain preroutingmanglem10 {
+		type filter hook prerouting priority mangle - 10; policy accept;
+	}
+
+	chain preroutingmangle {
+		type filter hook prerouting priority mangle; policy accept;
+	}
+
+	chain preroutingmanglep10 {
+		type filter hook prerouting priority mangle + 10; policy accept;
+	}
+
+	chain preroutingmanglep11 {
+		type filter hook prerouting priority -139; policy accept;
+	}
+
+	chain preroutingfilterm11 {
+		type filter hook prerouting priority -11; policy accept;
+	}
+
+	chain preroutingfilterm10 {
+		type filter hook prerouting priority filter - 10; policy accept;
+	}
+
+	chain preroutingfilter {
+		type filter hook prerouting priority filter; policy accept;
+	}
+
+	chain preroutingfilterp10 {
+		type filter hook prerouting priority filter + 10; policy accept;
+	}
+
+	chain preroutingfilterp11 {
+		type filter hook prerouting priority 11; policy accept;
+	}
+
+	chain preroutingsecuritym11 {
+		type filter hook prerouting priority 39; policy accept;
+	}
+
+	chain preroutingsecuritym10 {
+		type filter hook prerouting priority security - 10; policy accept;
+	}
+
+	chain preroutingsecurity {
+		type filter hook prerouting priority security; policy accept;
+	}
+
+	chain preroutingsecurityp10 {
+		type filter hook prerouting priority security + 10; policy accept;
+	}
+
+	chain preroutingsecurityp11 {
+		type filter hook prerouting priority 61; policy accept;
+	}
+
+	chain inputrawm11 {
+		type filter hook input priority -311; policy accept;
+	}
+
+	chain inputrawm10 {
+		type filter hook input priority raw - 10; policy accept;
+	}
+
+	chain inputraw {
+		type filter hook input priority raw; policy accept;
+	}
+
+	chain inputrawp10 {
+		type filter hook input priority raw + 10; policy accept;
+	}
+
+	chain inputrawp11 {
+		type filter hook input priority -289; policy accept;
+	}
+
+	chain inputmanglem11 {
+		type filter hook input priority -161; policy accept;
+	}
+
+	chain inputmanglem10 {
+		type filter hook input priority mangle - 10; policy accept;
+	}
+
+	chain inputmangle {
+		type filter hook input priority mangle; policy accept;
+	}
+
+	chain inputmanglep10 {
+		type filter hook input priority mangle + 10; policy accept;
+	}
+
+	chain inputmanglep11 {
+		type filter hook input priority -139; policy accept;
+	}
+
+	chain inputfilterm11 {
+		type filter hook input priority -11; policy accept;
+	}
+
+	chain inputfilterm10 {
+		type filter hook input priority filter - 10; policy accept;
+	}
+
+	chain inputfilter {
+		type filter hook input priority filter; policy accept;
+	}
+
+	chain inputfilterp10 {
+		type filter hook input priority filter + 10; policy accept;
+	}
+
+	chain inputfilterp11 {
+		type filter hook input priority 11; policy accept;
+	}
+
+	chain inputsecuritym11 {
+		type filter hook input priority 39; policy accept;
+	}
+
+	chain inputsecuritym10 {
+		type filter hook input priority security - 10; policy accept;
+	}
+
+	chain inputsecurity {
+		type filter hook input priority security; policy accept;
+	}
+
+	chain inputsecurityp10 {
+		type filter hook input priority security + 10; policy accept;
+	}
+
+	chain inputsecurityp11 {
+		type filter hook input priority 61; policy accept;
+	}
+
+	chain forwardrawm11 {
+		type filter hook forward priority -311; policy accept;
+	}
+
+	chain forwardrawm10 {
+		type filter hook forward priority raw - 10; policy accept;
+	}
+
+	chain forwardraw {
+		type filter hook forward priority raw; policy accept;
+	}
+
+	chain forwardrawp10 {
+		type filter hook forward priority raw + 10; policy accept;
+	}
+
+	chain forwardrawp11 {
+		type filter hook forward priority -289; policy accept;
+	}
+
+	chain forwardmanglem11 {
+		type filter hook forward priority -161; policy accept;
+	}
+
+	chain forwardmanglem10 {
+		type filter hook forward priority mangle - 10; policy accept;
+	}
+
+	chain forwardmangle {
+		type filter hook forward priority mangle; policy accept;
+	}
+
+	chain forwardmanglep10 {
+		type filter hook forward priority mangle + 10; policy accept;
+	}
+
+	chain forwardmanglep11 {
+		type filter hook forward priority -139; policy accept;
+	}
+
+	chain forwardfilterm11 {
+		type filter hook forward priority -11; policy accept;
+	}
+
+	chain forwardfilterm10 {
+		type filter hook forward priority filter - 10; policy accept;
+	}
+
+	chain forwardfilter {
+		type filter hook forward priority filter; policy accept;
+	}
+
+	chain forwardfilterp10 {
+		type filter hook forward priority filter + 10; policy accept;
+	}
+
+	chain forwardfilterp11 {
+		type filter hook forward priority 11; policy accept;
+	}
+
+	chain forwardsecuritym11 {
+		type filter hook forward priority 39; policy accept;
+	}
+
+	chain forwardsecuritym10 {
+		type filter hook forward priority security - 10; policy accept;
+	}
+
+	chain forwardsecurity {
+		type filter hook forward priority security; policy accept;
+	}
+
+	chain forwardsecurityp10 {
+		type filter hook forward priority security + 10; policy accept;
+	}
+
+	chain forwardsecurityp11 {
+		type filter hook forward priority 61; policy accept;
+	}
+
+	chain outputrawm11 {
+		type filter hook output priority -311; policy accept;
+	}
+
+	chain outputrawm10 {
+		type filter hook output priority raw - 10; policy accept;
+	}
+
+	chain outputraw {
+		type filter hook output priority raw; policy accept;
+	}
+
+	chain outputrawp10 {
+		type filter hook output priority raw + 10; policy accept;
+	}
+
+	chain outputrawp11 {
+		type filter hook output priority -289; policy accept;
+	}
+
+	chain outputmanglem11 {
+		type filter hook output priority -161; policy accept;
+	}
+
+	chain outputmanglem10 {
+		type filter hook output priority mangle - 10; policy accept;
+	}
+
+	chain outputmangle {
+		type filter hook output priority mangle; policy accept;
+	}
+
+	chain outputmanglep10 {
+		type filter hook output priority mangle + 10; policy accept;
+	}
+
+	chain outputmanglep11 {
+		type filter hook output priority -139; policy accept;
+	}
+
+	chain outputfilterm11 {
+		type filter hook output priority -11; policy accept;
+	}
+
+	chain outputfilterm10 {
+		type filter hook output priority filter - 10; policy accept;
+	}
+
+	chain outputfilter {
+		type filter hook output priority filter; policy accept;
+	}
+
+	chain outputfilterp10 {
+		type filter hook output priority filter + 10; policy accept;
+	}
+
+	chain outputfilterp11 {
+		type filter hook output priority 11; policy accept;
+	}
+
+	chain outputsecuritym11 {
+		type filter hook output priority 39; policy accept;
+	}
+
+	chain outputsecuritym10 {
+		type filter hook output priority security - 10; policy accept;
+	}
+
+	chain outputsecurity {
+		type filter hook output priority security; policy accept;
+	}
+
+	chain outputsecurityp10 {
+		type filter hook output priority security + 10; policy accept;
+	}
+
+	chain outputsecurityp11 {
+		type filter hook output priority 61; policy accept;
+	}
+
+	chain postroutingrawm11 {
+		type filter hook postrouting priority -311; policy accept;
+	}
+
+	chain postroutingrawm10 {
+		type filter hook postrouting priority raw - 10; policy accept;
+	}
+
+	chain postroutingraw {
+		type filter hook postrouting priority raw; policy accept;
+	}
+
+	chain postroutingrawp10 {
+		type filter hook postrouting priority raw + 10; policy accept;
+	}
+
+	chain postroutingrawp11 {
+		type filter hook postrouting priority -289; policy accept;
+	}
+
+	chain postroutingmanglem11 {
+		type filter hook postrouting priority -161; policy accept;
+	}
+
+	chain postroutingmanglem10 {
+		type filter hook postrouting priority mangle - 10; policy accept;
+	}
+
+	chain postroutingmangle {
+		type filter hook postrouting priority mangle; policy accept;
+	}
+
+	chain postroutingmanglep10 {
+		type filter hook postrouting priority mangle + 10; policy accept;
+	}
+
+	chain postroutingmanglep11 {
+		type filter hook postrouting priority -139; policy accept;
+	}
+
+	chain postroutingfilterm11 {
+		type filter hook postrouting priority -11; policy accept;
+	}
+
+	chain postroutingfilterm10 {
+		type filter hook postrouting priority filter - 10; policy accept;
+	}
+
+	chain postroutingfilter {
+		type filter hook postrouting priority filter; policy accept;
+	}
+
+	chain postroutingfilterp10 {
+		type filter hook postrouting priority filter + 10; policy accept;
+	}
+
+	chain postroutingfilterp11 {
+		type filter hook postrouting priority 11; policy accept;
+	}
+
+	chain postroutingsecuritym11 {
+		type filter hook postrouting priority 39; policy accept;
+	}
+
+	chain postroutingsecuritym10 {
+		type filter hook postrouting priority security - 10; policy accept;
+	}
+
+	chain postroutingsecurity {
+		type filter hook postrouting priority security; policy accept;
+	}
+
+	chain postroutingsecurityp10 {
+		type filter hook postrouting priority security + 10; policy accept;
+	}
+
+	chain postroutingsecurityp11 {
+		type filter hook postrouting priority 61; policy accept;
+	}
+
+	chain preroutingdstnatm11 {
+		type filter hook prerouting priority -111; policy accept;
+	}
+
+	chain preroutingdstnatm10 {
+		type filter hook prerouting priority dstnat - 10; policy accept;
+	}
+
+	chain preroutingdstnat {
+		type filter hook prerouting priority dstnat; policy accept;
+	}
+
+	chain preroutingdstnatp10 {
+		type filter hook prerouting priority dstnat + 10; policy accept;
+	}
+
+	chain preroutingdstnatp11 {
+		type filter hook prerouting priority -89; policy accept;
+	}
+
+	chain postroutingsrcnatm11 {
+		type filter hook postrouting priority 89; policy accept;
+	}
+
+	chain postroutingsrcnatm10 {
+		type filter hook postrouting priority srcnat - 10; policy accept;
+	}
+
+	chain postroutingsrcnat {
+		type filter hook postrouting priority srcnat; policy accept;
+	}
+
+	chain postroutingsrcnatp10 {
+		type filter hook postrouting priority srcnat + 10; policy accept;
+	}
+
+	chain postroutingsrcnatp11 {
+		type filter hook postrouting priority 111; policy accept;
+	}
+}
+table inet x {
+	chain preroutingrawm11 {
+		type filter hook prerouting priority -311; policy accept;
+	}
+
+	chain preroutingrawm10 {
+		type filter hook prerouting priority raw - 10; policy accept;
+	}
+
+	chain preroutingraw {
+		type filter hook prerouting priority raw; policy accept;
+	}
+
+	chain preroutingrawp10 {
+		type filter hook prerouting priority raw + 10; policy accept;
+	}
+
+	chain preroutingrawp11 {
+		type filter hook prerouting priority -289; policy accept;
+	}
+
+	chain preroutingmanglem11 {
+		type filter hook prerouting priority -161; policy accept;
+	}
+
+	chain preroutingmanglem10 {
+		type filter hook prerouting priority mangle - 10; policy accept;
+	}
+
+	chain preroutingmangle {
+		type filter hook prerouting priority mangle; policy accept;
+	}
+
+	chain preroutingmanglep10 {
+		type filter hook prerouting priority mangle + 10; policy accept;
+	}
+
+	chain preroutingmanglep11 {
+		type filter hook prerouting priority -139; policy accept;
+	}
+
+	chain preroutingfilterm11 {
+		type filter hook prerouting priority -11; policy accept;
+	}
+
+	chain preroutingfilterm10 {
+		type filter hook prerouting priority filter - 10; policy accept;
+	}
+
+	chain preroutingfilter {
+		type filter hook prerouting priority filter; policy accept;
+	}
+
+	chain preroutingfilterp10 {
+		type filter hook prerouting priority filter + 10; policy accept;
+	}
+
+	chain preroutingfilterp11 {
+		type filter hook prerouting priority 11; policy accept;
+	}
+
+	chain preroutingsecuritym11 {
+		type filter hook prerouting priority 39; policy accept;
+	}
+
+	chain preroutingsecuritym10 {
+		type filter hook prerouting priority security - 10; policy accept;
+	}
+
+	chain preroutingsecurity {
+		type filter hook prerouting priority security; policy accept;
+	}
+
+	chain preroutingsecurityp10 {
+		type filter hook prerouting priority security + 10; policy accept;
+	}
+
+	chain preroutingsecurityp11 {
+		type filter hook prerouting priority 61; policy accept;
+	}
+
+	chain inputrawm11 {
+		type filter hook input priority -311; policy accept;
+	}
+
+	chain inputrawm10 {
+		type filter hook input priority raw - 10; policy accept;
+	}
+
+	chain inputraw {
+		type filter hook input priority raw; policy accept;
+	}
+
+	chain inputrawp10 {
+		type filter hook input priority raw + 10; policy accept;
+	}
+
+	chain inputrawp11 {
+		type filter hook input priority -289; policy accept;
+	}
+
+	chain inputmanglem11 {
+		type filter hook input priority -161; policy accept;
+	}
+
+	chain inputmanglem10 {
+		type filter hook input priority mangle - 10; policy accept;
+	}
+
+	chain inputmangle {
+		type filter hook input priority mangle; policy accept;
+	}
+
+	chain inputmanglep10 {
+		type filter hook input priority mangle + 10; policy accept;
+	}
+
+	chain inputmanglep11 {
+		type filter hook input priority -139; policy accept;
+	}
+
+	chain inputfilterm11 {
+		type filter hook input priority -11; policy accept;
+	}
+
+	chain inputfilterm10 {
+		type filter hook input priority filter - 10; policy accept;
+	}
+
+	chain inputfilter {
+		type filter hook input priority filter; policy accept;
+	}
+
+	chain inputfilterp10 {
+		type filter hook input priority filter + 10; policy accept;
+	}
+
+	chain inputfilterp11 {
+		type filter hook input priority 11; policy accept;
+	}
+
+	chain inputsecuritym11 {
+		type filter hook input priority 39; policy accept;
+	}
+
+	chain inputsecuritym10 {
+		type filter hook input priority security - 10; policy accept;
+	}
+
+	chain inputsecurity {
+		type filter hook input priority security; policy accept;
+	}
+
+	chain inputsecurityp10 {
+		type filter hook input priority security + 10; policy accept;
+	}
+
+	chain inputsecurityp11 {
+		type filter hook input priority 61; policy accept;
+	}
+
+	chain forwardrawm11 {
+		type filter hook forward priority -311; policy accept;
+	}
+
+	chain forwardrawm10 {
+		type filter hook forward priority raw - 10; policy accept;
+	}
+
+	chain forwardraw {
+		type filter hook forward priority raw; policy accept;
+	}
+
+	chain forwardrawp10 {
+		type filter hook forward priority raw + 10; policy accept;
+	}
+
+	chain forwardrawp11 {
+		type filter hook forward priority -289; policy accept;
+	}
+
+	chain forwardmanglem11 {
+		type filter hook forward priority -161; policy accept;
+	}
+
+	chain forwardmanglem10 {
+		type filter hook forward priority mangle - 10; policy accept;
+	}
+
+	chain forwardmangle {
+		type filter hook forward priority mangle; policy accept;
+	}
+
+	chain forwardmanglep10 {
+		type filter hook forward priority mangle + 10; policy accept;
+	}
+
+	chain forwardmanglep11 {
+		type filter hook forward priority -139; policy accept;
+	}
+
+	chain forwardfilterm11 {
+		type filter hook forward priority -11; policy accept;
+	}
+
+	chain forwardfilterm10 {
+		type filter hook forward priority filter - 10; policy accept;
+	}
+
+	chain forwardfilter {
+		type filter hook forward priority filter; policy accept;
+	}
+
+	chain forwardfilterp10 {
+		type filter hook forward priority filter + 10; policy accept;
+	}
+
+	chain forwardfilterp11 {
+		type filter hook forward priority 11; policy accept;
+	}
+
+	chain forwardsecuritym11 {
+		type filter hook forward priority 39; policy accept;
+	}
+
+	chain forwardsecuritym10 {
+		type filter hook forward priority security - 10; policy accept;
+	}
+
+	chain forwardsecurity {
+		type filter hook forward priority security; policy accept;
+	}
+
+	chain forwardsecurityp10 {
+		type filter hook forward priority security + 10; policy accept;
+	}
+
+	chain forwardsecurityp11 {
+		type filter hook forward priority 61; policy accept;
+	}
+
+	chain outputrawm11 {
+		type filter hook output priority -311; policy accept;
+	}
+
+	chain outputrawm10 {
+		type filter hook output priority raw - 10; policy accept;
+	}
+
+	chain outputraw {
+		type filter hook output priority raw; policy accept;
+	}
+
+	chain outputrawp10 {
+		type filter hook output priority raw + 10; policy accept;
+	}
+
+	chain outputrawp11 {
+		type filter hook output priority -289; policy accept;
+	}
+
+	chain outputmanglem11 {
+		type filter hook output priority -161; policy accept;
+	}
+
+	chain outputmanglem10 {
+		type filter hook output priority mangle - 10; policy accept;
+	}
+
+	chain outputmangle {
+		type filter hook output priority mangle; policy accept;
+	}
+
+	chain outputmanglep10 {
+		type filter hook output priority mangle + 10; policy accept;
+	}
+
+	chain outputmanglep11 {
+		type filter hook output priority -139; policy accept;
+	}
+
+	chain outputfilterm11 {
+		type filter hook output priority -11; policy accept;
+	}
+
+	chain outputfilterm10 {
+		type filter hook output priority filter - 10; policy accept;
+	}
+
+	chain outputfilter {
+		type filter hook output priority filter; policy accept;
+	}
+
+	chain outputfilterp10 {
+		type filter hook output priority filter + 10; policy accept;
+	}
+
+	chain outputfilterp11 {
+		type filter hook output priority 11; policy accept;
+	}
+
+	chain outputsecuritym11 {
+		type filter hook output priority 39; policy accept;
+	}
+
+	chain outputsecuritym10 {
+		type filter hook output priority security - 10; policy accept;
+	}
+
+	chain outputsecurity {
+		type filter hook output priority security; policy accept;
+	}
+
+	chain outputsecurityp10 {
+		type filter hook output priority security + 10; policy accept;
+	}
+
+	chain outputsecurityp11 {
+		type filter hook output priority 61; policy accept;
+	}
+
+	chain postroutingrawm11 {
+		type filter hook postrouting priority -311; policy accept;
+	}
+
+	chain postroutingrawm10 {
+		type filter hook postrouting priority raw - 10; policy accept;
+	}
+
+	chain postroutingraw {
+		type filter hook postrouting priority raw; policy accept;
+	}
+
+	chain postroutingrawp10 {
+		type filter hook postrouting priority raw + 10; policy accept;
+	}
+
+	chain postroutingrawp11 {
+		type filter hook postrouting priority -289; policy accept;
+	}
+
+	chain postroutingmanglem11 {
+		type filter hook postrouting priority -161; policy accept;
+	}
+
+	chain postroutingmanglem10 {
+		type filter hook postrouting priority mangle - 10; policy accept;
+	}
+
+	chain postroutingmangle {
+		type filter hook postrouting priority mangle; policy accept;
+	}
+
+	chain postroutingmanglep10 {
+		type filter hook postrouting priority mangle + 10; policy accept;
+	}
+
+	chain postroutingmanglep11 {
+		type filter hook postrouting priority -139; policy accept;
+	}
+
+	chain postroutingfilterm11 {
+		type filter hook postrouting priority -11; policy accept;
+	}
+
+	chain postroutingfilterm10 {
+		type filter hook postrouting priority filter - 10; policy accept;
+	}
+
+	chain postroutingfilter {
+		type filter hook postrouting priority filter; policy accept;
+	}
+
+	chain postroutingfilterp10 {
+		type filter hook postrouting priority filter + 10; policy accept;
+	}
+
+	chain postroutingfilterp11 {
+		type filter hook postrouting priority 11; policy accept;
+	}
+
+	chain postroutingsecuritym11 {
+		type filter hook postrouting priority 39; policy accept;
+	}
+
+	chain postroutingsecuritym10 {
+		type filter hook postrouting priority security - 10; policy accept;
+	}
+
+	chain postroutingsecurity {
+		type filter hook postrouting priority security; policy accept;
+	}
+
+	chain postroutingsecurityp10 {
+		type filter hook postrouting priority security + 10; policy accept;
+	}
+
+	chain postroutingsecurityp11 {
+		type filter hook postrouting priority 61; policy accept;
+	}
+
+	chain preroutingdstnatm11 {
+		type filter hook prerouting priority -111; policy accept;
+	}
+
+	chain preroutingdstnatm10 {
+		type filter hook prerouting priority dstnat - 10; policy accept;
+	}
+
+	chain preroutingdstnat {
+		type filter hook prerouting priority dstnat; policy accept;
+	}
+
+	chain preroutingdstnatp10 {
+		type filter hook prerouting priority dstnat + 10; policy accept;
+	}
+
+	chain preroutingdstnatp11 {
+		type filter hook prerouting priority -89; policy accept;
+	}
+
+	chain postroutingsrcnatm11 {
+		type filter hook postrouting priority 89; policy accept;
+	}
+
+	chain postroutingsrcnatm10 {
+		type filter hook postrouting priority srcnat - 10; policy accept;
+	}
+
+	chain postroutingsrcnat {
+		type filter hook postrouting priority srcnat; policy accept;
+	}
+
+	chain postroutingsrcnatp10 {
+		type filter hook postrouting priority srcnat + 10; policy accept;
+	}
+
+	chain postroutingsrcnatp11 {
+		type filter hook postrouting priority 111; policy accept;
+	}
+}
+table arp x {
+	chain inputfilterm11 {
+		type filter hook input priority -11; policy accept;
+	}
+
+	chain inputfilterm10 {
+		type filter hook input priority filter - 10; policy accept;
+	}
+
+	chain inputfilter {
+		type filter hook input priority filter; policy accept;
+	}
+
+	chain inputfilterp10 {
+		type filter hook input priority filter + 10; policy accept;
+	}
+
+	chain inputfilterp11 {
+		type filter hook input priority 11; policy accept;
+	}
+
+	chain outputfilterm11 {
+		type filter hook output priority -11; policy accept;
+	}
+
+	chain outputfilterm10 {
+		type filter hook output priority filter - 10; policy accept;
+	}
+
+	chain outputfilter {
+		type filter hook output priority filter; policy accept;
+	}
+
+	chain outputfilterp10 {
+		type filter hook output priority filter + 10; policy accept;
+	}
+
+	chain outputfilterp11 {
+		type filter hook output priority 11; policy accept;
+	}
+}
+table netdev x {
+	chain ingressfilterm11 {
+		type filter hook ingress device lo priority -11; policy accept;
+	}
+
+	chain ingressfilterm10 {
+		type filter hook ingress device lo priority filter - 10; policy accept;
+	}
+
+	chain ingressfilter {
+		type filter hook ingress device lo priority filter; policy accept;
+	}
+
+	chain ingressfilterp10 {
+		type filter hook ingress device lo priority filter + 10; policy accept;
+	}
+
+	chain ingressfilterp11 {
+		type filter hook ingress device lo priority 11; policy accept;
+	}
+}
+table bridge x {
+	chain preroutingfilterm11 {
+		type filter hook prerouting priority -211; policy accept;
+	}
+
+	chain preroutingfilterm10 {
+		type filter hook prerouting priority filter - 10; policy accept;
+	}
+
+	chain preroutingfilter {
+		type filter hook prerouting priority filter; policy accept;
+	}
+
+	chain preroutingfilterp10 {
+		type filter hook prerouting priority filter + 10; policy accept;
+	}
+
+	chain preroutingfilterp11 {
+		type filter hook prerouting priority -189; policy accept;
+	}
+
+	chain inputfilterm11 {
+		type filter hook input priority -211; policy accept;
+	}
+
+	chain inputfilterm10 {
+		type filter hook input priority filter - 10; policy accept;
+	}
+
+	chain inputfilter {
+		type filter hook input priority filter; policy accept;
+	}
+
+	chain inputfilterp10 {
+		type filter hook input priority filter + 10; policy accept;
+	}
+
+	chain inputfilterp11 {
+		type filter hook input priority -189; policy accept;
+	}
+
+	chain forwardfilterm11 {
+		type filter hook forward priority -211; policy accept;
+	}
+
+	chain forwardfilterm10 {
+		type filter hook forward priority filter - 10; policy accept;
+	}
+
+	chain forwardfilter {
+		type filter hook forward priority filter; policy accept;
+	}
+
+	chain forwardfilterp10 {
+		type filter hook forward priority filter + 10; policy accept;
+	}
+
+	chain forwardfilterp11 {
+		type filter hook forward priority -189; policy accept;
+	}
+
+	chain outputfilterm11 {
+		type filter hook output priority -211; policy accept;
+	}
+
+	chain outputfilterm10 {
+		type filter hook output priority filter - 10; policy accept;
+	}
+
+	chain outputfilter {
+		type filter hook output priority filter; policy accept;
+	}
+
+	chain outputfilterp10 {
+		type filter hook output priority filter + 10; policy accept;
+	}
+
+	chain outputfilterp11 {
+		type filter hook output priority -189; policy accept;
+	}
+
+	chain postroutingfilterm11 {
+		type filter hook postrouting priority -211; policy accept;
+	}
+
+	chain postroutingfilterm10 {
+		type filter hook postrouting priority filter - 10; policy accept;
+	}
+
+	chain postroutingfilter {
+		type filter hook postrouting priority filter; policy accept;
+	}
+
+	chain postroutingfilterp10 {
+		type filter hook postrouting priority filter + 10; policy accept;
+	}
+
+	chain postroutingfilterp11 {
+		type filter hook postrouting priority -189; policy accept;
+	}
+
+	chain preroutingdstnatm11 {
+		type filter hook prerouting priority -311; policy accept;
+	}
+
+	chain preroutingdstnatm10 {
+		type filter hook prerouting priority dstnat - 10; policy accept;
+	}
+
+	chain preroutingdstnat {
+		type filter hook prerouting priority dstnat; policy accept;
+	}
+
+	chain preroutingdstnatp10 {
+		type filter hook prerouting priority dstnat + 10; policy accept;
+	}
+
+	chain preroutingdstnatp11 {
+		type filter hook prerouting priority -289; policy accept;
+	}
+
+	chain outputoutm11 {
+		type filter hook output priority 89; policy accept;
+	}
+
+	chain outputoutm10 {
+		type filter hook output priority out - 10; policy accept;
+	}
+
+	chain outputout {
+		type filter hook output priority out; policy accept;
+	}
+
+	chain outputoutp10 {
+		type filter hook output priority out + 10; policy accept;
+	}
+
+	chain outputoutp11 {
+		type filter hook output priority 111; policy accept;
+	}
+
+	chain postroutingsrcnatm11 {
+		type filter hook postrouting priority 289; policy accept;
+	}
+
+	chain postroutingsrcnatm10 {
+		type filter hook postrouting priority srcnat - 10; policy accept;
+	}
+
+	chain postroutingsrcnat {
+		type filter hook postrouting priority srcnat; policy accept;
+	}
+
+	chain postroutingsrcnatp10 {
+		type filter hook postrouting priority srcnat + 10; policy accept;
+	}
+
+	chain postroutingsrcnatp11 {
+		type filter hook postrouting priority 311; policy accept;
+	}
+}
-- 
cgit v1.2.3