afonso/core-extra
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

daemon: update nftables bridge tables to use priority -1 to beat default inet table rules if present

Browse source
This commit is contained in:
Blake Harnden 2022-02-03 14:29:42 -08:00
parent 44b7b6a27e
commit 43737a42e4
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/core/nodes/network.py
View file

@ -194,7 +194,7 @@ class NftablesQueue:
self.cmds.append(f"add table bridge {net.brname}") self.cmds.append(f"add table bridge {net.brname}")
self.cmds.append( self.cmds.append(
f"add chain bridge {net.brname} {self.chain} {{type filter hook " f"add chain bridge {net.brname} {self.chain} {{type filter hook "
f"forward priority 0\\; policy {policy}\\;}}" f"forward priority -1\\; policy {policy}\\;}}"
) )
# add default rule to accept all traffic not for this bridge # add default rule to accept all traffic not for this bridge
self.cmds.append( self.cmds.append(