Use a global -m conntrack --ctstate DNAT rule to accept all port forwards of a given...

[project/firewall3.git] / defaults.c

diff --git a/defaults.c b/defaults.c
index 127f7506782c29b16dfd354db5a823dc87da25f4..07468873730b12e31a546a5fa7d3d306cffcfb35 100644 (file)
--- a/defaults.c
+++ b/defaults.c
@@ -40,7 +40,7 @@ static const struct fw3_chain_spec default_chains[] = {
        C(ANY, MANGLE, UNSPEC,        "mssfix"),
        C(ANY, MANGLE, UNSPEC,        "fwmark"),
 
-       C(ANY, RAW,    UNSPEC,        "notrack"),
+       C(ANY, RAW,    UNSPEC,        "delegate_notrack"),
 
        { }
 };
@@ -208,7 +208,7 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle,
                { FW3_TABLE_MANGLE, "FORWARD",     "mssfix" },
                { FW3_TABLE_MANGLE, "PREROUTING",  "fwmark" },
 
-               { FW3_TABLE_RAW,    "PREROUTING",  "notrack" },
+               { FW3_TABLE_RAW,    "PREROUTING",  "delegate_notrack" },
 
                { 0, NULL },
        };