Hello, I am just doing my first steps with the nftables program, reading the documentation and entering some of the commands mentioned there. After reading something about NAT rules, I am now quite confused about the priorities that can be given when creating chains: The Wiki on https://wiki.nftables.org mentions two priorities specifically available for NAT, -100 and 100. But of these two, the wiki's example for NAT only uses the value 100 for the postrouting chain. The prerouting chain has priority 0, and there is no difference between SNAT and DNAT. When I look at the ipv4-nat example which is shipped together with my nftables package, both chains use priority -150, though due to the Wiki, that value is used for mangling. And when I look at some online-exmaples, they use 0 for prerouting and postrouting. So, what are really the best values to use for priority in snat prerouting and postrouting and dnat prerouting and postrouting? Kind regards Christoph -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
