diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-09-10 20:36:49 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-10 20:36:49 +0200 |
| commit | 87880a552fd112157a59afafa34fcbd6891f30ae (patch) | |
| tree | 132c055789a843d2c7f76b2eadac96b0723a1778 /data/templates | |
| parent | 0ad6d33f2fb19c2b630aac0c8e984895dd8af54d (diff) | |
| parent | aed71d4b7718d55982cf694617c04e28aa002c93 (diff) | |
| download | vyos-1x-87880a552fd112157a59afafa34fcbd6891f30ae.tar.gz vyos-1x-87880a552fd112157a59afafa34fcbd6891f30ae.zip | |
Merge pull request #2236 from vfreex/fix-nat-problem-with-vrf
T3655: Fix NAT problem with VRF
Diffstat (limited to 'data/templates')
| -rw-r--r-- | data/templates/firewall/nftables-vrf-zones.j2 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2 index eecf47b78..3bce7312d 100644 --- a/data/templates/firewall/nftables-vrf-zones.j2 +++ b/data/templates/firewall/nftables-vrf-zones.j2 @@ -7,11 +7,11 @@ table inet vrf_zones { # Chain for inbound traffic chain vrf_zones_ct_in { type filter hook prerouting priority raw; policy accept; - counter ct zone set iifname map @ct_iface_map + counter ct original zone set iifname map @ct_iface_map } # Chain for locally-generated traffic chain vrf_zones_ct_out { type filter hook output priority raw; policy accept; - counter ct zone set oifname map @ct_iface_map + counter ct original zone set oifname map @ct_iface_map } } |