summaryrefslogtreecommitdiff
path: root/data/templates/firewall/nftables-policy.j2
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-07-03 21:07:01 +0200
committerGitHub <noreply@github.com>2023-07-03 21:07:01 +0200
commitf1b50757f816ad7a11077656c8fcf54d21bf1888 (patch)
tree75390cbdfa235d55aaedc020fb31c9cbce9d4b6b /data/templates/firewall/nftables-policy.j2
parentfbb4f315eee8cd701aade8845ea842567a56dc64 (diff)
parent5cf503955377d138c626b2c8157eab71b1fa8fad (diff)
downloadvyos-1x-f1b50757f816ad7a11077656c8fcf54d21bf1888.tar.gz
vyos-1x-f1b50757f816ad7a11077656c8fcf54d21bf1888.zip
Merge pull request #2069 from sever-sever/T5333
T5333: Set prefix UD for PBR generated user-defined chain names
Diffstat (limited to 'data/templates/firewall/nftables-policy.j2')
-rw-r--r--data/templates/firewall/nftables-policy.j28
1 files changed, 4 insertions, 4 deletions
diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2
index 7a89d29e4..1c9bda64f 100644
--- a/data/templates/firewall/nftables-policy.j2
+++ b/data/templates/firewall/nftables-policy.j2
@@ -11,7 +11,7 @@ table ip vyos_mangle {
type filter hook prerouting priority -150; policy accept;
{% if route is vyos_defined %}
{% for route_text, conf in route.items() if conf.interface is vyos_defined %}
- iifname { {{ conf.interface | join(",") }} } counter jump VYOS_PBR_{{ route_text }}
+ iifname { {{ conf.interface | join(",") }} } counter jump VYOS_PBR_UD_{{ route_text }}
{% endfor %}
{% endif %}
}
@@ -22,7 +22,7 @@ table ip vyos_mangle {
{% if route is vyos_defined %}
{% for route_text, conf in route.items() %}
- chain VYOS_PBR_{{ route_text }} {
+ chain VYOS_PBR_UD_{{ route_text }} {
{% if conf.rule is vyos_defined %}
{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
{{ rule_conf | nft_rule(route_text, rule_id, 'ip') }}
@@ -40,7 +40,7 @@ table ip6 vyos_mangle {
type filter hook prerouting priority -150; policy accept;
{% if route6 is vyos_defined %}
{% for route_text, conf in route6.items() if conf.interface is vyos_defined %}
- iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR6_{{ route_text }}
+ iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR6_UD_{{ route_text }}
{% endfor %}
{% endif %}
}
@@ -51,7 +51,7 @@ table ip6 vyos_mangle {
{% if route6 is vyos_defined %}
{% for route_text, conf in route6.items() %}
- chain VYOS_PBR6_{{ route_text }} {
+ chain VYOS_PBR6_UD_{{ route_text }} {
{% if conf.rule is vyos_defined %}
{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
{{ rule_conf | nft_rule(route_text, rule_id, 'ip6') }}