summaryrefslogtreecommitdiff
path: root/data/templates/firewall
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-01-22 20:48:44 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-01-30 11:12:53 +0000
commitf5590b63f2a849ebe63bf453c561930f846598d5 (patch)
tree0f56d8fea74e116d150494667bbda77b3b16c9e3 /data/templates/firewall
parent4d3df44028571c49bdc590778a7c6214373c7297 (diff)
downloadvyos-1x-f5590b63f2a849ebe63bf453c561930f846598d5.tar.gz
vyos-1x-f5590b63f2a849ebe63bf453c561930f846598d5.zip
vrf: T5973: move initial conntrack firewall table to startup
There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code. (cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284)
Diffstat (limited to 'data/templates/firewall')
-rw-r--r--data/templates/firewall/nftables-vrf-zones.j217
1 files changed, 0 insertions, 17 deletions
diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2
deleted file mode 100644
index 3bce7312d..000000000
--- a/data/templates/firewall/nftables-vrf-zones.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-table inet vrf_zones {
- # Map of interfaces and connections tracking zones
- map ct_iface_map {
- typeof iifname : ct zone
- }
- # Assign unique zones for each VRF
- # Chain for inbound traffic
- chain vrf_zones_ct_in {
- type filter hook prerouting priority raw; policy accept;
- counter ct original zone set iifname map @ct_iface_map
- }
- # Chain for locally-generated traffic
- chain vrf_zones_ct_out {
- type filter hook output priority raw; policy accept;
- counter ct original zone set oifname map @ct_iface_map
- }
-}