summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-09-10 20:36:49 +0200
committerGitHub <noreply@github.com>2023-09-10 20:36:49 +0200
commit87880a552fd112157a59afafa34fcbd6891f30ae (patch)
tree132c055789a843d2c7f76b2eadac96b0723a1778
parent0ad6d33f2fb19c2b630aac0c8e984895dd8af54d (diff)
parentaed71d4b7718d55982cf694617c04e28aa002c93 (diff)
downloadvyos-1x-87880a552fd112157a59afafa34fcbd6891f30ae.tar.gz
vyos-1x-87880a552fd112157a59afafa34fcbd6891f30ae.zip
Merge pull request #2236 from vfreex/fix-nat-problem-with-vrf
T3655: Fix NAT problem with VRF
-rw-r--r--data/templates/firewall/nftables-vrf-zones.j24
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2
index eecf47b78..3bce7312d 100644
--- a/data/templates/firewall/nftables-vrf-zones.j2
+++ b/data/templates/firewall/nftables-vrf-zones.j2
@@ -7,11 +7,11 @@ table inet vrf_zones {
# Chain for inbound traffic
chain vrf_zones_ct_in {
type filter hook prerouting priority raw; policy accept;
- counter ct zone set iifname map @ct_iface_map
+ counter ct original zone set iifname map @ct_iface_map
}
# Chain for locally-generated traffic
chain vrf_zones_ct_out {
type filter hook output priority raw; policy accept;
- counter ct zone set oifname map @ct_iface_map
+ counter ct original zone set oifname map @ct_iface_map
}
}