]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f1a9d5d)
Update chain creation format.
authorEric Leblond <eric@regit.org>
Mon, 16 Sep 2013 16:27:37 +0000 (18:27 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 17 Sep 2013 11:11:14 +0000 (13:11 +0200)
type keyword is now mandatory when creating a new chain. This
patc halso implement the change required following the usage of human
notation in hook.

It also suppressed non currently supported mangle chains.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
files/nftables/bridge-filter patch | blob | blame | history
files/nftables/ipv4-filter patch | blob | blame | history
files/nftables/ipv4-mangle patch | blob | blame | history
files/nftables/ipv4-nat [new file with mode: 0644] patch | blob
files/nftables/ipv6-filter patch | blob | blame | history
files/nftables/ipv6-mangle patch | blob | blame | history
files/nftables/ipv6-nat [new file with mode: 0644] patch | blob

diff --git a/files/nftables/bridge-filter b/files/nftables/bridge-filter
index ca306d489fed69ea3092ce3e21a1ad3db94c1ad9..54779c4ae787c5fb8a09723bdcb35e7a53353c1f 100644 (file)
--- a/files/nftables/bridge-filter
+++ b/files/nftables/bridge-filter
@@ -1,7 +1,7 @@
 #! nft -f
 
 table bridge filter {
-       chain input             { hook NF_INET_LOCAL_IN         -200; }
-       chain forward           { hook NF_INET_FORWARD          -200; }
-       chain output            { hook NF_INET_LOCAL_OUT        200; }
+       chain input             { type filter hook input priority -200; }
+       chain forward           { type filter hook forward priority -200; }
+       chain output            { type filter hook output priority 200; }
 }
diff --git a/files/nftables/ipv4-filter b/files/nftables/ipv4-filter
index 3f962143dbb2f06ddcbdb876c159435714dc1824..3174e7a9e3edb15c2f944bb5ed780332c679a07d 100644 (file)
--- a/files/nftables/ipv4-filter
+++ b/files/nftables/ipv4-filter
@@ -1,7 +1,7 @@
 #! nft -f
 
 table filter {
-       chain input             { hook NF_INET_LOCAL_IN         0; }
-       chain forward           { hook NF_INET_FORWARD          0; }
-       chain output            { hook NF_INET_LOCAL_OUT        0; }
+       chain input             { type filter hook input priority 0; }
+       chain forward           { type filter hook forward priority 0; }
+       chain output            { type filter hook output priority 0; }
 }
diff --git a/files/nftables/ipv4-mangle b/files/nftables/ipv4-mangle
index 339cacea14901ef6736f930b464c2c4a4e09e65d..27327d3b83a1fa0f46578ccc147b86ce777b4f9d 100644 (file)
--- a/files/nftables/ipv4-mangle
+++ b/files/nftables/ipv4-mangle
@@ -1,9 +1,5 @@
 #! nft -f
 
 table mangle {
-       chain prerouting        { hook NF_INET_PRE_ROUTING      -150; }
-       chain input             { hook NF_INET_LOCAL_IN         -150; }
-       chain forward           { hook NF_INET_FORWARD          -150; }
-       chain output            { hook NF_INET_LOCAL_OUT        -150; }
-       chain postrouting       { hook NF_INET_POST_ROUTING     -150; }
+       chain output            { type route hook output priority -150; }
 }
diff --git a/files/nftables/ipv4-nat b/files/nftables/ipv4-nat
new file mode 100644 (file)
index 0000000..99d6951
--- /dev/null
+++ b/files/nftables/ipv4-nat
@@ -0,0 +1,6 @@
+#! nft -f
+
+table nat {
+       chain prerouting        { type nat hook prerouting priority -150; }
+       chain postrouting       { type nat hook postrouting priority -150; }
+}
diff --git a/files/nftables/ipv6-filter b/files/nftables/ipv6-filter
index 9e4127847dab72ce300bbd8bfbb81179310c2bb5..98fce02d7b9f2067f6b35578f6beea8862d7446c 100644 (file)
--- a/files/nftables/ipv6-filter
+++ b/files/nftables/ipv6-filter
@@ -1,7 +1,7 @@
 #! nft -f
 
 table ip6 filter {
-       chain input             { hook NF_INET_LOCAL_IN         0; }
-       chain forward           { hook NF_INET_FORWARD          0; }
-       chain output            { hook NF_INET_LOCAL_OUT        0; }
+       chain input             { type filter hook input priority 0; }
+       chain forward           { type filter hook forward priority 0; }
+       chain output            { type filter hook output priority 0; }
 }
diff --git a/files/nftables/ipv6-mangle b/files/nftables/ipv6-mangle
index dc18c7a8a163b8280ed6c06bb89a759cfbff01e3..727435325340c18ea55d5709464a87969e6faf0a 100644 (file)
--- a/files/nftables/ipv6-mangle
+++ b/files/nftables/ipv6-mangle
@@ -1,9 +1,5 @@
 #! nft -f
 
 table ip6 mangle {
-       chain prerouting        { hook NF_INET_PRE_ROUTING      -150; }
-       chain input             { hook NF_INET_LOCAL_IN         -150; }
-       chain forward           { hook NF_INET_FORWARD          -150; }
-       chain output            { hook NF_INET_LOCAL_OUT        -150; }
-       chain postrouting       { hook NF_INET_POST_ROUTING     -150; }
+       chain output            { type route hook output priority -150; }
 }
diff --git a/files/nftables/ipv6-nat b/files/nftables/ipv6-nat
new file mode 100644 (file)
index 0000000..33ecf9b
--- /dev/null
+++ b/files/nftables/ipv6-nat
@@ -0,0 +1,6 @@
+#! nft -f
+
+table ip6 nat {
+       chain prerouting        { type nat hook prerouting priority -150; }
+       chain postrouting       { type nat hook postrouting priority -150; }
+}
Mirror of git://git.netfilter.org/nftables