summaryrefslogtreecommitdiff
path: root/data/templates/firewall
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-06-20 22:00:47 +0200
committerGitHub <noreply@github.com>2024-06-20 22:00:47 +0200
commit442bf37dbccbcb9f47333543742fa7aa665bb417 (patch)
tree7cacbfee3c9ff9a3dab380f1299b4206d9113c73 /data/templates/firewall
parent109e0940be4956879d3ba074894023a1508424bf (diff)
parent7829229e8a91c554db188cf523669bb11ec77c2a (diff)
downloadvyos-1x-442bf37dbccbcb9f47333543742fa7aa665bb417.tar.gz
vyos-1x-442bf37dbccbcb9f47333543742fa7aa665bb417.zip
Merge pull request #3693 from nicolas-fort/T3900-fix-template
T3900: firewall: fix for initial implementation
Diffstat (limited to 'data/templates/firewall')
-rw-r--r--data/templates/firewall/nftables.j22
1 files changed, 1 insertions, 1 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index 343917fee..ee34f58fc 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -86,7 +86,7 @@ table ip vyos_filter {
{% for prior, conf in ipv4.output.items() %}
chain VYOS_OUTPUT_{{ prior }} {
type filter hook output priority {{ prior }}; policy accept;
-{% if global_options.state_policy is vyos_defined %}
+{% if global_options.state_policy is vyos_defined and prior == 'filter' %}
jump VYOS_STATE_POLICY
{% endif %}
{% if conf.rule is vyos_defined %}