From 43737a42e4190de0cd7cae4bf7a5621f7286d8e2 Mon Sep 17 00:00:00 2001
From: Blake Harnden <32446120+bharnden@users.noreply.github.com>
Date: Thu, 3 Feb 2022 14:29:42 -0800
Subject: [PATCH] daemon: update nftables bridge tables to use priority -1 to beat default inet table rules if present
---
daemon/core/nodes/network.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemon/core/nodes/network.py b/daemon/core/nodes/network.py
index 32d420dd..1a964fc0 100644
--- a/daemon/core/nodes/network.py
+++ b/daemon/core/nodes/network.py
@@ -194,7 +194,7 @@ class NftablesQueue:
 self.cmds.append(f"add table bridge {net.brname}")
 self.cmds.append(
 f"add chain bridge {net.brname} {self.chain} {{type filter hook "
- f"forward priority 0\\; policy {policy}\\;}}"
+ f"forward priority -1\\; policy {policy}\\;}}"
 )
 # add default rule to accept all traffic not for this bridge
 self.cmds.append(
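Review bot: The new `priority -1` on the bridge forward base chain is a bare magic number whose rationale lives only in the commit message; a why-comment on the `add chain` line would keep it from being "corrected" back to 0 later, e.g. `# priority -1: evaluate this base chain ahead of any default priority-0 filter hook`. Keep in mind that nftables hook priority only orders base chains registered at the same hook point, and an accept verdict in this chain does not prevent later base chains at that hook from still evaluating (and possibly dropping) the frame — only a drop is final — so if the intent is to keep bridge traffic flowing past a default-drop inet table, it is worth confirming that this ordering actually achieves it; the rules appended below are outside the hunk, so I cannot see what verdicts they issue. The enclosing NftablesQueue method continues past the end of the hunk.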