From 7829229e8a91c554db188cf523669bb11ec77c2a Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Thu, 20 Jun 2024 14:57:50 +0000 Subject: T3900: firewall: fix for initial implementation - remove jump to state policy on OUTUT_raw --- data/templates/firewall/nftables.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'data/templates') diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index 343917fee..ee34f58fc 100644 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 @@ -86,7 +86,7 @@ table ip vyos_filter { {% for prior, conf in ipv4.output.items() %} chain VYOS_OUTPUT_{{ prior }} { type filter hook output priority {{ prior }}; policy accept; -{% if global_options.state_policy is vyos_defined %} +{% if global_options.state_policy is vyos_defined and prior == 'filter' %} jump VYOS_STATE_POLICY {% endif %} {% if conf.rule is vyos_defined %} -- cgit v1.2.3