summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2024-06-25 11:55:53 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2024-06-25 11:55:53 +0000
commitecf3141d5b5fe08c6ae00b5cd299daf6a6e30f82 (patch)
tree0d586110176a8f9da532df80efcfc669b007518f
parent4f89e4b7a19a58d893e4e89a6e8491f239f1122e (diff)
downloadvyos-1x-ecf3141d5b5fe08c6ae00b5cd299daf6a6e30f82.tar.gz
vyos-1x-ecf3141d5b5fe08c6ae00b5cd299daf6a6e30f82.zip
T3900: extend latest fix for firewall raw implementation to ipv6.
-rw-r--r--data/templates/firewall/nftables.j22
1 files changed, 1 insertions, 1 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index ee34f58fc..68a3bfd87 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -239,7 +239,7 @@ table ip6 vyos_filter {
{% for prior, conf in ipv6.output.items() %}
chain VYOS_IPV6_OUTPUT_{{ prior }} {
type filter hook output priority {{ prior }}; policy accept;
-{% if global_options.state_policy is vyos_defined %}
+{% if global_options.state_policy is vyos_defined and prior == 'filter' %}
jump VYOS_STATE_POLICY6
{% endif %}
{% if conf.rule is vyos_defined %}