etc: add default IPv6 table and chain definitions
Add definition of table and chains to the optional xtables.conf file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/etc/xtables.conf b/etc/xtables.conf
index 6aee8aa..7b2b8e5 100644
--- a/etc/xtables.conf
+++ b/etc/xtables.conf
@@ -26,8 +26,42 @@
}
table security {
- chain INPUT hook NF_INET_LOCAL_IN prio 150
- chain FORWARD hook NF_INET_FORWARD prio 150
- chain OUTPUT hook NF_INET_LOCAL_OUT prio 150
+ chain INPUT hook NF_INET_LOCAL_IN prio 50
+ chain FORWARD hook NF_INET_FORWARD prio 50
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
+ }
+}
+
+family ipv6 {
+ table raw {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
+ }
+
+ table mangle {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
+ chain INPUT hook NF_INET_LOCAL_IN prio -150
+ chain FORWARD hook NF_INET_FORWARD prio -150
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
+ }
+
+ table filter {
+ chain INPUT hook NF_INET_LOCAL_IN prio 0
+ chain FORWARD hook NF_INET_FORWARD prio 0
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
+ }
+
+ table nat {
+ chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
+ chain INPUT hook NF_INET_LOCAL_IN prio -100
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
+ chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
+ }
+
+ table security {
+ chain INPUT hook NF_INET_LOCAL_IN prio 50
+ chain FORWARD hook NF_INET_FORWARD prio 50
+ chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
}
}
