Revert "ruleset: dispatch ct states using verdict map"

[project/firewall4.git] / tests / 03_rules / 08_family_inheritance

diff --git a/tests/03_rules/08_family_inheritance b/tests/03_rules/08_family_inheritance
index 605c74b13023797b5aadbc7917de6d583099e5e1..fa02eade0b7381f9d9818f7bc00926af7f3becb5 100644 (file)
--- a/tests/03_rules/08_family_inheritance
+++ b/tests/03_rules/08_family_inheritance
@@ -182,8 +182,10 @@ table inet fw4 {
        # Defines
        #
 
+       define ipv4only_devices = {  }
        define ipv4only_subnets = { 192.168.1.0/24 }
 
+
        #
        # User includes
        #
@@ -220,6 +222,10 @@ table inet fw4 {
                meta nfproto ipv4 ip daddr 192.168.1.0/24 jump output_ipv4only comment "!fw4: Handle ipv4only IPv4 output traffic"
        }
 
+       chain prerouting {
+               type filter hook prerouting priority filter; policy accept;
+       }
+
        chain handle_reject {
                meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
                reject with icmpx type port-unreachable comment "!fw4: Reject any other traffic"
@@ -260,9 +266,9 @@ table inet fw4 {
 
        chain srcnat {
                type nat hook postrouting priority srcnat; policy accept;
-               meta nfproto ipv4 masquerade comment "!fw4: NAT #3"
-               ip6 saddr fc00::/7 masquerade comment "!fw4: NAT #4"
-               masquerade comment "!fw4: NAT #6"
+               meta nfproto ipv4 counter masquerade comment "!fw4: NAT #3"
+               ip6 saddr fc00::/7 counter masquerade comment "!fw4: NAT #4"
+               counter masquerade comment "!fw4: NAT #6"
                meta nfproto ipv4 ip daddr 192.168.1.0/24 jump srcnat_ipv4only comment "!fw4: Handle ipv4only IPv4 srcnat traffic"
        }
 
@@ -270,12 +276,12 @@ table inet fw4 {
        }
 
        chain srcnat_ipv4only {
-               meta nfproto ipv4 masquerade comment "!fw4: NAT #5"
+               meta nfproto ipv4 counter masquerade comment "!fw4: NAT #5"
        }
 
 
        #
-       # Raw rules (notrack & helper)
+       # Raw rules (notrack)
        #
 
        chain raw_prerouting {