diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-01-18 19:58:50 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-18 19:58:50 +0100 |
| commit | c77369761f9cb8bec1d026b0e5586a402f4c7285 (patch) | |
| tree | 0996f0e1bad2413e2be20b6fe360937e971ce75c | |
| parent | 385b72da4845e5c247aaeae9469ca04da216a4cb (diff) | |
| parent | a7e14cba820fcb4a0f448c05d4480e00d26130ee (diff) | |
| download | vyos-1x-c77369761f9cb8bec1d026b0e5586a402f4c7285.tar.gz vyos-1x-c77369761f9cb8bec1d026b0e5586a402f4c7285.zip | |
Merge pull request #1178 from sarthurdev/firewall_T4188
firewall: T4188: Create default conntrack `FW_CONNTRACK` chain
| -rw-r--r-- | data/templates/firewall/nftables.tmpl | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/data/templates/firewall/nftables.tmpl b/data/templates/firewall/nftables.tmpl index e8fa4e306..81b2c0b98 100644 --- a/data/templates/firewall/nftables.tmpl +++ b/data/templates/firewall/nftables.tmpl @@ -175,6 +175,7 @@ table raw { counter jump VYOS_CT_IGNORE counter jump VYOS_CT_TIMEOUT counter jump VYOS_CT_PREROUTING_HOOK + counter jump FW_CONNTRACK notrack } @@ -183,6 +184,7 @@ table raw { counter jump VYOS_CT_IGNORE counter jump VYOS_CT_TIMEOUT counter jump VYOS_CT_OUTPUT_HOOK + counter jump FW_CONNTRACK notrack } @@ -220,6 +222,10 @@ table raw { chain VYOS_CT_OUTPUT_HOOK { return } + + chain FW_CONNTRACK { + accept + } } table ip6 raw { @@ -230,12 +236,14 @@ table ip6 raw { chain PREROUTING { type filter hook prerouting priority -300; policy accept; counter jump VYOS_CT_PREROUTING_HOOK + counter jump FW_CONNTRACK notrack } chain OUTPUT { type filter hook output priority -300; policy accept; counter jump VYOS_CT_OUTPUT_HOOK + counter jump FW_CONNTRACK notrack } @@ -246,5 +254,9 @@ table ip6 raw { chain VYOS_CT_OUTPUT_HOOK { return } + + chain FW_CONNTRACK { + accept + } } {% endif %} |