[nft PATCH] doc: nft.8: Document lower priority limit for nat type chains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Users can't know the magic limit.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 doc/nft.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/nft.txt b/doc/nft.txt
index 7de4935b4b375..0d60c7520d31e 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -439,6 +439,9 @@ name which specifies the order in which chains with the same *hook* value are
 traversed. The ordering is ascending, i.e. lower priority values have precedence
 over higher ones.
 
+With *nat* type chains, there's a lower excluding limit of -200 for *priority*
+values, because conntrack hooks at this priority and NAT requires it.
+
 Standard priority values can be replaced with easily memorizable names.  Not all
 names make sense in every family with every hook (see the compatibility matrices
 below) but their numerical value can still be used for prioritizing chains.
-- 
2.38.0




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux