diff options
author | Christian Breunig <christian@breunig.cc> | 2023-09-12 20:16:21 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-12 20:16:21 +0200 |
commit | 3d9a0b02d031a97b099ef6fe4ba07d7ce7eb958e (patch) | |
tree | 069c03eb0ad1580680bf96338863bde21dcd3705 | |
parent | 87ab93326dfd0566d2ad5aeb3878fed5756c7c87 (diff) | |
parent | ded55a82a00dbfd3425cec63ed08114957241683 (diff) | |
download | vyos-1x-3d9a0b02d031a97b099ef6fe4ba07d7ce7eb958e.tar.gz vyos-1x-3d9a0b02d031a97b099ef6fe4ba07d7ce7eb958e.zip |
Merge pull request #2237 from vfreex/fix-nat-problem-with-vrf-sagitta
T3655: Fix NAT problem with VRF
-rw-r--r-- | data/templates/firewall/nftables-vrf-zones.j2 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2 index eecf47b78..3bce7312d 100644 --- a/data/templates/firewall/nftables-vrf-zones.j2 +++ b/data/templates/firewall/nftables-vrf-zones.j2 @@ -7,11 +7,11 @@ table inet vrf_zones { # Chain for inbound traffic chain vrf_zones_ct_in { type filter hook prerouting priority raw; policy accept; - counter ct zone set iifname map @ct_iface_map + counter ct original zone set iifname map @ct_iface_map } # Chain for locally-generated traffic chain vrf_zones_ct_out { type filter hook output priority raw; policy accept; - counter ct zone set oifname map @ct_iface_map + counter ct original zone set oifname map @ct_iface_map } } |