diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-08-17 17:38:27 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-08-17 17:38:27 +0000 |
commit | 8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8 (patch) | |
tree | c1b048eae4b11c59e3002bd506da09d3f259dd06 /data | |
parent | 08cb4f350b335d5af401f30850d410b4be38530d (diff) | |
download | vyos-1x-8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8.tar.gz vyos-1x-8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8.zip |
T5488: Set correct priority -300 for conntrack entries
For conntrack ignore priority must be less then -200
Diffstat (limited to 'data')
-rw-r--r-- | data/vyos-firewall-init.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/vyos-firewall-init.conf b/data/vyos-firewall-init.conf index 11a5bc7bf..36d92fe93 100644 --- a/data/vyos-firewall-init.conf +++ b/data/vyos-firewall-init.conf @@ -20,7 +20,7 @@ table raw { } chain PREROUTING { - type filter hook prerouting priority -200; policy accept; + type filter hook prerouting priority -300; policy accept; counter jump VYOS_CT_IGNORE counter jump VYOS_CT_TIMEOUT counter jump VYOS_CT_PREROUTING_HOOK @@ -29,7 +29,7 @@ table raw { } chain OUTPUT { - type filter hook output priority -200; policy accept; + type filter hook output priority -300; policy accept; counter jump VYOS_CT_IGNORE counter jump VYOS_CT_TIMEOUT counter jump VYOS_CT_OUTPUT_HOOK |