summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-09-12 20:16:21 +0200
committerGitHub <noreply@github.com>2023-09-12 20:16:21 +0200
commit3d9a0b02d031a97b099ef6fe4ba07d7ce7eb958e (patch)
tree069c03eb0ad1580680bf96338863bde21dcd3705
parent87ab93326dfd0566d2ad5aeb3878fed5756c7c87 (diff)
parentded55a82a00dbfd3425cec63ed08114957241683 (diff)
downloadvyos-1x-3d9a0b02d031a97b099ef6fe4ba07d7ce7eb958e.tar.gz
vyos-1x-3d9a0b02d031a97b099ef6fe4ba07d7ce7eb958e.zip
Merge pull request #2237 from vfreex/fix-nat-problem-with-vrf-sagitta
T3655: Fix NAT problem with VRF
-rw-r--r--data/templates/firewall/nftables-vrf-zones.j24
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2
index eecf47b78..3bce7312d 100644
--- a/data/templates/firewall/nftables-vrf-zones.j2
+++ b/data/templates/firewall/nftables-vrf-zones.j2
@@ -7,11 +7,11 @@ table inet vrf_zones {
# Chain for inbound traffic
chain vrf_zones_ct_in {
type filter hook prerouting priority raw; policy accept;
- counter ct zone set iifname map @ct_iface_map
+ counter ct original zone set iifname map @ct_iface_map
}
# Chain for locally-generated traffic
chain vrf_zones_ct_out {
type filter hook output priority raw; policy accept;
- counter ct zone set oifname map @ct_iface_map
+ counter ct original zone set oifname map @ct_iface_map
}
}