T5488: Set correct priority -300 for conntrack entries

For conntrack ignore priority must be less then -200
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2023-08-17 17:38:27 +0000
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2023-08-17 17:38:27 +0000
commit: 8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8 (patch)
tree: c1b048eae4b11c59e3002bd506da09d3f259dd06
parent: 08cb4f350b335d5af401f30850d410b4be38530d (diff)
download: vyos-1x-8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8.tar.gz
vyos-1x-8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/data/vyos-firewall-init.conf b/data/vyos-firewall-init.conf
index 11a5bc7bf..36d92fe93 100644
--- a/data/vyos-firewall-init.conf
+++ b/data/vyos-firewall-init.conf
@@ -20,7 +20,7 @@ table raw {
     }
 
     chain PREROUTING {
-        type filter hook prerouting priority -200; policy accept;
+        type filter hook prerouting priority -300; policy accept;
         counter jump VYOS_CT_IGNORE
         counter jump VYOS_CT_TIMEOUT
         counter jump VYOS_CT_PREROUTING_HOOK
@@ -29,7 +29,7 @@ table raw {
     }
 
     chain OUTPUT {
-        type filter hook output priority -200; policy accept;
+        type filter hook output priority -300; policy accept;
         counter jump VYOS_CT_IGNORE
         counter jump VYOS_CT_TIMEOUT
         counter jump VYOS_CT_OUTPUT_HOOK
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-08-17 17:38:27 +0000
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-08-17 17:38:27 +0000
commit	8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8 (patch)
tree	c1b048eae4b11c59e3002bd506da09d3f259dd06
parent	08cb4f350b335d5af401f30850d410b4be38530d (diff)
download	vyos-1x-8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8.tar.gz vyos-1x-8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8.zip