-table raw prio -300 {
- chain PREROUTING hook NF_INET_PRE_ROUTING
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table raw {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
}
-table mangle prio -150 {
- chain PREROUTING hook NF_INET_PRE_ROUTING
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
- chain POSTROUTING hook NF_INET_POST_ROUTING
+table mangle {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
+ chain INPUT hook NF_INET_LOCAL_IN prio -150
+ chain FORWARD hook NF_INET_FORWARD prio -150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
}
-table filter prio 0 {
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table filter {
+ chain INPUT hook NF_INET_LOCAL_IN prio 0
+ chain FORWARD hook NF_INET_FORWARD prio 0
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
}
-table security prio 150 {
- chain INPUT hook NF_INET_LOCAL_IN
- chain FORWARD hook NF_INET_FORWARD
- chain OUTPUT hook NF_INET_LOCAL_OUT
+table nat {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
+ chain INPUT hook NF_INET_LOCAL_IN prio -100
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+}
+
+table security {
+ chain INPUT hook NF_INET_LOCAL_IN prio 150
+ chain FORWARD hook NF_INET_FORWARD prio 150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 150
}
line : table
;
-table : T_TABLE T_STRING T_PRIO T_INTEGER '{' chains '}'
+table : T_TABLE T_STRING '{' chains '}'
{
/* added in reverse order to pop it in order */
- void *data = stack_push(T_PRIO, sizeof(int32_t));
- stack_put_i32(data, $4);
- data = stack_push(T_TABLE, strlen($2));
+ void *data = stack_push(T_TABLE, strlen($2));
stack_put_str(data, $2);
}
;
| chains chain
;
-chain : T_CHAIN T_STRING T_HOOK T_STRING
+chain : T_CHAIN T_STRING T_HOOK T_STRING T_PRIO T_INTEGER
{
/* added in reverse order to pop it in order */
- void *data = stack_push(T_HOOK, strlen($4));
+ void *data = stack_push(T_PRIO, sizeof(int32_t));
+ stack_put_i32(data, $6);
+ data = stack_push(T_HOOK, strlen($4));
stack_put_str(data, $4);
data = stack_push(T_CHAIN, strlen($2));
stack_put_str(data, $2);
}
nft_chain_attr_set(chain, NFT_CHAIN_ATTR_TABLE,
(char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
+ nft_chain_attr_set_s32(chain, NFT_CHAIN_ATTR_PRIO, prio);
nft_chain_attr_set(chain, NFT_CHAIN_ATTR_NAME, e->data);
nft_chain_list_add(chain, chain_list);
break;
case T_HOOK:
nft_chain_attr_set_u32(chain, NFT_CHAIN_ATTR_HOOKNUM,
hooknametonum(e->data));
- nft_chain_attr_set_s32(chain, NFT_CHAIN_ATTR_PRIO, prio);
break;
default:
printf("unknown token type %d\n", e->token);
struct nft_table *table;
struct nft_chain *chain;
const char *filename = NULL;
- struct nft_handle h;
+ struct nft_handle h = {
+ .family = AF_INET,
+ };
if (argc > 2) {
fprintf(stderr, "Usage: %s [<config_file>]\n", argv[0]);
projects / thirdparty / iptables.git / commitdiff
