16 lines
385 B
Text
16 lines
385 B
Text
# try to reuse existing chains as jump targets
|
|
chain forward {
|
|
counter name "zone-forward"
|
|
# source address based allow-/blocklist
|
|
jump xlist-lookup
|
|
|
|
jump forward-zone-svc
|
|
jump proto-filter
|
|
|
|
# forward for local subnets, allows container communication
|
|
# without marking packets
|
|
ip saddr @set_private_net_v4 accept
|
|
ip6 saddr @set_private_net_v6 accept
|
|
|
|
goto $DEFAULT_VERDICT
|
|
}
|