xtables.conf: fix hook skeletons

nat prio for in/out were inverted.
arp no longer has a forward chain.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/etc/xtables.conf b/etc/xtables.conf
index d37b0d7ca9ab38a69b1c3f4303630015539fa209..3c54ced043d82cea29af77dfd1d2f80d12d5b131 100644 (file)
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -20,8 +20,8 @@ family ipv4 {
 
        table nat {
                chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-               chain INPUT hook NF_INET_LOCAL_IN prio -100
-               chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+               chain INPUT hook NF_INET_LOCAL_IN prio 100
+               chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
                chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
        }
 
@@ -54,8 +54,8 @@ family ipv6 {
 
        table nat {
                chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-               chain INPUT hook NF_INET_LOCAL_IN prio -100
-               chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+               chain INPUT hook NF_INET_LOCAL_IN prio 100
+               chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
                chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
        }
 
@@ -69,7 +69,6 @@ family ipv6 {
 family arp {
        table filter {
                chain INPUT hook NF_ARP_IN prio 0
-               chain FORWARD hook NF_ARP_FORWARD prio 0
                chain OUTPUT hook NF_ARP_OUT prio 0
        }
-}
\ No newline at end of file
+}