diff options
author | Christian Breunig <christian@breunig.cc> | 2024-07-26 13:25:19 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-07-26 13:52:19 +0200 |
commit | d6e9824f1612bd8c876437c071f31a1a0f44af5d (patch) | |
tree | 0fa6fc0c7678233410c21234b6c7e2631bf5c972 /interface-definitions/include | |
parent | 87741c1a7b1896a0c2f220b98a79c5d3f24e1845 (diff) | |
download | vyos-1x-d6e9824f1612bd8c876437c071f31a1a0f44af5d.tar.gz vyos-1x-d6e9824f1612bd8c876437c071f31a1a0f44af5d.zip |
vrf: T6603: conntrack ct_iface_map must only contain one entry for iifname/oifname
When any of the following features NAT, NAT66 or Firewall is enabled, for every
VRF on the CLI we install one rule into nftables for conntrack:
chain vrf_zones_ct_in {
type filter hook prerouting priority raw; policy accept;
counter packets 3113 bytes 32227 ct original zone set iifname map @ct_iface_map
counter packets 8550 bytes 80739 ct original zone set iifname map @ct_iface_map
counter packets 5644 bytes 67697 ct original zone set iifname map @ct_iface_map
}
This is superfluous.
Diffstat (limited to 'interface-definitions/include')
0 files changed, 0 insertions, 0 deletions