Use the `route` chain type for the `mangle_output` chain since rules in
this chain influence egress packet routing.
Fixes: #9955
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
18 files changed:
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
{% for (let rule in fw4.rules("mangle_output")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
{% for (let rule in fw4.rules("mangle_output")): %}
{%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
meta nfproto ipv4 meta l4proto tcp counter ip dscp set 0x1 comment "!fw4: Mangle rule #7"
meta nfproto ipv6 meta l4proto tcp counter ip6 dscp set 0x1 comment "!fw4: Mangle rule #7"
meta nfproto ipv4 meta l4proto udp counter ip dscp set 0x1 comment "!fw4: Mangle rule #7"
meta nfproto ipv4 meta l4proto tcp counter ip dscp set 0x1 comment "!fw4: Mangle rule #7"
meta nfproto ipv6 meta l4proto tcp counter ip6 dscp set 0x1 comment "!fw4: Mangle rule #7"
meta nfproto ipv4 meta l4proto udp counter ip dscp set 0x1 comment "!fw4: Mangle rule #7"
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;
- type filter hook output priority mangle; policy accept;
+ type route hook output priority mangle; policy accept;