From 8c2aa73dce97a7c8c7e5efd2076e272a1af90bc8 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Thu, 17 Aug 2023 17:38:27 +0000
Subject: T5488: Set correct priority -300 for conntrack entries

For conntrack ignore priority must be less then -200
---
 data/vyos-firewall-init.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'data')

diff --git a/data/vyos-firewall-init.conf b/data/vyos-firewall-init.conf
index 11a5bc7bf..36d92fe93 100644
--- a/data/vyos-firewall-init.conf
+++ b/data/vyos-firewall-init.conf
@@ -20,7 +20,7 @@ table raw {
     }
 
     chain PREROUTING {
-        type filter hook prerouting priority -200; policy accept;
+        type filter hook prerouting priority -300; policy accept;
         counter jump VYOS_CT_IGNORE
         counter jump VYOS_CT_TIMEOUT
         counter jump VYOS_CT_PREROUTING_HOOK
@@ -29,7 +29,7 @@ table raw {
     }
 
     chain OUTPUT {
-        type filter hook output priority -200; policy accept;
+        type filter hook output priority -300; policy accept;
         counter jump VYOS_CT_IGNORE
         counter jump VYOS_CT_TIMEOUT
         counter jump VYOS_CT_OUTPUT_HOOK
-- 
cgit v1.2.3