summaryrefslogtreecommitdiff
path: root/data/templates/firewall/nftables.j2
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-06-25 15:05:01 +0200
committerGitHub <noreply@github.com>2024-06-25 15:05:01 +0200
commit064cbc38f1449aea292907ac518eeffaa64e27d6 (patch)
tree0d586110176a8f9da532df80efcfc669b007518f /data/templates/firewall/nftables.j2
parent4f89e4b7a19a58d893e4e89a6e8491f239f1122e (diff)
parentecf3141d5b5fe08c6ae00b5cd299daf6a6e30f82 (diff)
downloadvyos-1x-064cbc38f1449aea292907ac518eeffaa64e27d6.tar.gz
vyos-1x-064cbc38f1449aea292907ac518eeffaa64e27d6.zip
Merge pull request #3722 from nicolas-fort/T3900-v6-template
T3900: extend latest fix for firewall raw implementation to ipv6.
Diffstat (limited to 'data/templates/firewall/nftables.j2')
-rw-r--r--data/templates/firewall/nftables.j22
1 files changed, 1 insertions, 1 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index ee34f58fc..68a3bfd87 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -239,7 +239,7 @@ table ip6 vyos_filter {
{% for prior, conf in ipv6.output.items() %}
chain VYOS_IPV6_OUTPUT_{{ prior }} {
type filter hook output priority {{ prior }}; policy accept;
-{% if global_options.state_policy is vyos_defined %}
+{% if global_options.state_policy is vyos_defined and prior == 'filter' %}
jump VYOS_STATE_POLICY6
{% endif %}
{% if conf.rule is vyos_defined %}