diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-02-28 20:56:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-28 20:56:54 +0100 |
| commit | 5896eacd12f16d1b9810b325c205179a1606c885 (patch) | |
| tree | 90f70d19c3c44f3671c1d77417308356fcbfd7f7 /data | |
| parent | fdfe194634f7a15c2299a3a3bffbe64fe578f466 (diff) | |
| parent | 88dfa47ded706ea53a7b10ed058ddd5023226896 (diff) | |
| download | vyos-1x-5896eacd12f16d1b9810b325c205179a1606c885.tar.gz vyos-1x-5896eacd12f16d1b9810b325c205179a1606c885.zip | |
Merge pull request #3059 from vyos/mergify/bp/sagitta/pr-3055
vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is required (backport #3055)
Diffstat (limited to 'data')
| -rw-r--r-- | data/config-mode-dependencies/vyos-1x.json | 3 | ||||
| -rw-r--r-- | data/vyos-firewall-init.conf | 2 |
2 files changed, 2 insertions, 3 deletions
diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json index b0586e0bb..6ab36005b 100644 --- a/data/config-mode-dependencies/vyos-1x.json +++ b/data/config-mode-dependencies/vyos-1x.json @@ -1,6 +1,7 @@ { "system_conntrack": { - "conntrack_sync": ["service_conntrack-sync"] + "conntrack_sync": ["service_conntrack-sync"], + "vrf": ["vrf"] }, "firewall": { "conntrack": ["system_conntrack"], diff --git a/data/vyos-firewall-init.conf b/data/vyos-firewall-init.conf index 5a4e03015..3929edf0b 100644 --- a/data/vyos-firewall-init.conf +++ b/data/vyos-firewall-init.conf @@ -65,11 +65,9 @@ table inet vrf_zones { # Chain for inbound traffic chain vrf_zones_ct_in { type filter hook prerouting priority raw; policy accept; - counter ct original zone set iifname map @ct_iface_map } # Chain for locally-generated traffic chain vrf_zones_ct_out { type filter hook output priority raw; policy accept; - counter ct original zone set oifname map @ct_iface_map } } |