ruleset: fix conntrack helpers

[project/firewall4.git] / tests / 02_zones / 02_masq

diff --git a/tests/02_zones/02_masq b/tests/02_zones/02_masq
index 0612a71ee62df34bc118b664fc5ab847ffdfd123..e789fde2e9497160d2af9cdbf080f5294db02b49 100644 (file)
--- a/tests/02_zones/02_masq
+++ b/tests/02_zones/02_masq
@@ -124,6 +124,10 @@ table inet fw4 {
                oifname "zone3" jump output_test3 comment "!fw4: Handle test3 IPv4/IPv6 output traffic"
        }
 
+       chain prerouting {
+               type filter hook prerouting priority filter; policy accept;
+       }
+
        chain handle_reject {
                meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
                reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
@@ -220,7 +224,7 @@ table inet fw4 {
 
 
        #
-       # Raw rules (notrack & helper)
+       # Raw rules (notrack)
        #
 
        chain raw_prerouting {