From ecf3141d5b5fe08c6ae00b5cd299daf6a6e30f82 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Tue, 25 Jun 2024 11:55:53 +0000
Subject: T3900: extend latest fix for firewall raw implementation to ipv6.

---
 data/templates/firewall/nftables.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'data/templates')

diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index ee34f58fc..68a3bfd87 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -239,7 +239,7 @@ table ip6 vyos_filter {
 {%         for prior, conf in ipv6.output.items() %}
     chain VYOS_IPV6_OUTPUT_{{ prior }} {
         type filter hook output priority {{ prior }}; policy accept;
-{%             if global_options.state_policy is vyos_defined %}
+{%             if global_options.state_policy is vyos_defined and prior == 'filter' %}
         jump VYOS_STATE_POLICY6
 {%             endif %}
 {%             if conf.rule is vyos_defined %}
-- 
cgit v1.2.3