From bbaca18568d905f7151c5f30e274f9dbdb096ee8 Mon Sep 17 00:00:00 2001
From: Merijn Evertse
Date: Tue, 29 Jan 2019 14:21:29 +0100
Subject: T166: Changed NPTv6 to use NETMAP
---
scripts/firewall/firewall.init.in | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 30614bf..5d3d22f 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -150,6 +150,12 @@ start () {
 ip6tables -t mangle -N VYOS_SNPT_HOOK
 ip6tables -t mangle -A VYOS_SNPT_HOOK -j RETURN
 ip6tables -t mangle -A POSTROUTING -j VYOS_SNPT_HOOK
+ ip6tables -t nat -N VYOS_DNPT_HOOK
+ ip6tables -t nat -A VYOS_DNPT_HOOK -j RETURN
+ ip6tables -t nat -A PREROUTING -j VYOS_DNPT_HOOK
+ ip6tables -t nat -N VYOS_SNPT_HOOK
+ ip6tables -t nat -A VYOS_SNPT_HOOK -j RETURN
+ ip6tables -t nat -A POSTROUTING -j VYOS_SNPT_HOOK
 # NOTRACK hook : not needed, since every v6 connection is NOTRACK'ed for now (see a few lines up)
 # ip6tables -t raw -N VYOS_NPT_HOOK
 # ip6tables -t raw -A PREROUTING -j VYOS_NPT_HOOK
--
cgit v1.2.3
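Review bot: The comment directly below the added `-t nat` hooks still says every v6 connection is NOTRACK'ed, and the ip6tables nat table only acts on flows that conntrack is tracking. If that raw-table rule (a few lines above this hunk, not visible here) is still installed, rules placed in the new VYOS_DNPT_HOOK and VYOS_SNPT_HOOK chains would never match, so prefixes meant to be translated would leave the box untranslated without any error. Please confirm the NOTRACK rule is removed or narrowed in the same series, and replace the stale comment with something like `# nat-table NPT hooks rely on conntrack: v6 traffic that must be translated may not be NOTRACK'ed`. The `-N` calls are also unchecked, so a restart with a leftover chain would fail silently; the matching teardown is presumably outside this hunk, since start() continues past it.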