xtables.conf: fix hook skeletons nat prio for in/out were inverted. arp no longer has a forward chain. Signed-off-by: Florian Westphal <fw@strlen.de>

commit: b633ef9ac0cfaf9371374a9826493db114307b81 [log] [tgz]
author: Florian Westphal <fw@strlen.de> Wed May 02 18:29:51 2018 +0200
committer: Florian Westphal <fw@strlen.de> Fri May 04 23:24:55 2018 +0200
tree: a658d6b7acfa3d916abb07e06a2d6354c8efeaf7
parent: 7af21782bb6fc3480909120c20a55164248a9608 [diff]
diff --git a/etc/xtables.conf b/etc/xtables.conf
index d37b0d7..3c54ced 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf

@@ -20,8 +20,8 @@
 
 	table nat {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-		chain INPUT hook NF_INET_LOCAL_IN prio -100
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+		chain INPUT hook NF_INET_LOCAL_IN prio 100
+		chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
 		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
 	}
 
@@ -54,8 +54,8 @@
 
 	table nat {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
-		chain INPUT hook NF_INET_LOCAL_IN prio -100
-		chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+		chain INPUT hook NF_INET_LOCAL_IN prio 100
+		chain OUTPUT hook NF_INET_LOCAL_OUT prio -100
 		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
 	}
 
@@ -69,7 +69,6 @@
 family arp {
 	table filter {
 		chain INPUT hook NF_ARP_IN prio 0
-		chain FORWARD hook NF_ARP_FORWARD prio 0
 		chain OUTPUT hook NF_ARP_OUT prio 0
 	}
-}
\ No newline at end of file
+}
commit	b633ef9ac0cfaf9371374a9826493db114307b81	[log] [tgz]
author	Florian Westphal <fw@strlen.de>	Wed May 02 18:29:51 2018 +0200
committer	Florian Westphal <fw@strlen.de>	Fri May 04 23:24:55 2018 +0200
tree	a658d6b7acfa3d916abb07e06a2d6354c8efeaf7
parent	7af21782bb6fc3480909120c20a55164248a9608 [diff]