diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-03-12 11:52:10 +0100 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-03-12 11:52:10 +0100 |
commit | 1fbda31623054ee944d063f738e4d1d4170341ef (patch) | |
tree | 18ab31834f3938052062faa80c19699897395ee0 /src/conf_mode/system_conntrack.py | |
parent | f33657534fb6e5253a88a04aa57fee6341b92a87 (diff) | |
download | vyos-1x-1fbda31623054ee944d063f738e4d1d4170341ef.tar.gz vyos-1x-1fbda31623054ee944d063f738e4d1d4170341ef.zip |
conntrack: T5080: Fix rule order for applied conntrack modules
Diffstat (limited to 'src/conf_mode/system_conntrack.py')
-rwxr-xr-x | src/conf_mode/system_conntrack.py | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/conf_mode/system_conntrack.py b/src/conf_mode/system_conntrack.py index e075bc928..2a55daed4 100755 --- a/src/conf_mode/system_conntrack.py +++ b/src/conf_mode/system_conntrack.py @@ -42,33 +42,33 @@ nftables_ct_file = r'/run/nftables-ct.conf' module_map = { 'ftp': { 'ko': ['nf_nat_ftp', 'nf_conntrack_ftp'], - 'nftables': ['ct helper set "ftp_tcp" tcp dport {21} return'] + 'nftables': ['tcp dport {21} ct helper set "ftp_tcp" return'] }, 'h323': { 'ko': ['nf_nat_h323', 'nf_conntrack_h323'], - 'nftables': ['ct helper set "ras_udp" udp dport {1719} return', - 'ct helper set "q931_tcp" tcp dport {1720} return'] + 'nftables': ['udp dport {1719} ct helper set "ras_udp" return', + 'tcp dport {1720} ct helper set "q931_tcp" return'] }, 'nfs': { - 'nftables': ['ct helper set "rpc_tcp" tcp dport {111} return', - 'ct helper set "rpc_udp" udp dport {111} return'] + 'nftables': ['tcp dport {111} ct helper set "rpc_tcp" return', + 'udp dport {111} ct helper set "rpc_udp" return'] }, 'pptp': { 'ko': ['nf_nat_pptp', 'nf_conntrack_pptp'], - 'nftables': ['ct helper set "pptp_tcp" tcp dport {1723} return'], + 'nftables': ['tcp dport {1723} ct helper set "pptp_tcp" return'], 'ipv4': True }, 'sip': { 'ko': ['nf_nat_sip', 'nf_conntrack_sip'], - 'nftables': ['ct helper set "sip_tcp" tcp dport {5060,5061} return', - 'ct helper set "sip_udp" udp dport {5060,5061} return'] + 'nftables': ['tcp dport {5060,5061} ct helper set "sip_tcp" return', + 'udp dport {5060,5061} ct helper set "sip_udp" return'] }, 'sqlnet': { - 'nftables': ['ct helper set "tns_tcp" tcp dport {1521,1525,1536} return'] + 'nftables': ['tcp dport {1521,1525,1536} ct helper set "tns_tcp" return'] }, 'tftp': { 'ko': ['nf_nat_tftp', 'nf_conntrack_tftp'], - 'nftables': ['ct helper set "tftp_udp" udp dport {69} return'] + 'nftables': ['udp dport {69} ct helper set "tftp_udp" return'] }, } |