ruleset: fix conntrack helpers
In nftables, helper assignments need to be performed after the conntrack
lookup has completed. Using the raw priority results in the assignment
being done before the conntrack lookup, which breaks conntrack helpers.
Fix this by moving the jumps helper rule chains to a new toplevel
`prerouting` and the existing `output` chain respectively.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[new toplevel `prerouting` chain + reuse existing `output` chain]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
20 files changed:
projects / project / firewall4.git / commit