daemon: update nftables bridge tables to use priority -1 to beat default inet table rules if present

2022-02-03 14:29:42 -08:00 · 2022-02-03 14:29:42 -08:00 · 43737a42e4
commit 43737a42e4
parent 44b7b6a27e
1 changed files with 1 additions and 1 deletions
--- a/daemon/core/nodes/network.py
+++ b/daemon/core/nodes/network.py
@ -194,7 +194,7 @@ class NftablesQueue:
                self.cmds.append(f"add table bridge {net.brname}")
                self.cmds.append(
                    f"add chain bridge {net.brname} {self.chain} {{type filter hook "
-                    f"forward priority 0\\; policy {policy}\\;}}"
+                    f"forward priority -1\\; policy {policy}\\;}}"
                )
            # add default rule to accept all traffic not for this bridge
            self.cmds.append(