netfilter: nf_tables: allow to filter from prerouting and postrouting

This allows us to emulate the NAT table in ebtables, which is actually
a plain filter chain that hooks at prerouting, output and postrouting.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/bridge/netfilter/nf_tables_bridge.c b/net/bridge/netfilter/nf_tables_bridge.c
index 5bcc0d8b31f22dff5b0368a77ae249f60e4bad9e..da17a5eab8b40e5df3eeafcef74934534eb26dd1 100644 (file)
--- a/net/bridge/netfilter/nf_tables_bridge.c
+++ b/net/bridge/netfilter/nf_tables_bridge.c
@@ -34,9 +34,11 @@ static struct nft_af_info nft_af_bridge __read_mostly = {
        .owner          = THIS_MODULE,
        .nops           = 1,
        .hooks          = {
+               [NF_BR_PRE_ROUTING]     = nft_do_chain_bridge,
                [NF_BR_LOCAL_IN]        = nft_do_chain_bridge,
                [NF_BR_FORWARD]         = nft_do_chain_bridge,
                [NF_BR_LOCAL_OUT]       = nft_do_chain_bridge,
+               [NF_BR_POST_ROUTING]    = nft_do_chain_bridge,
        },
 };