Remove problematic vmaps
This commit is contained in:
parent
654ef09ea0
commit
17cc8d55e2
|
@ -71,31 +71,27 @@ table inet firewall {
|
|||
|
||||
# Filters on input interfaces. The final decision is not taken in the from_* chain,
|
||||
# but instead packets return here for further processing. This is why `jump` is used here.
|
||||
meta iif vmap {
|
||||
$if_users: jump from_users,
|
||||
$if_deco: jump from_deco,
|
||||
$if_prod: jump from_prod,
|
||||
$if_dmz: jump from_dmz,
|
||||
$if_switchs: jump from_switchs,
|
||||
$if_federez: jump from_federez,
|
||||
$if_renater: jump from_renater,
|
||||
$if_dmz_wireguard: jump from_dmz_wireguard,
|
||||
$if_nerim: jump from_nerim,
|
||||
}
|
||||
meta iif $if_users jump from_users
|
||||
meta iif $if_deco jump from_deco
|
||||
meta iif $if_prod jump from_prod
|
||||
meta iif $if_dmz jump from_dmz
|
||||
meta iif $if_switchs jump from_switchs
|
||||
meta iif $if_federez jump from_federez
|
||||
meta iif $if_renater jump from_renater
|
||||
meta iif $if_dmz_wireguard jump from_dmz_wireguard
|
||||
meta iif $if_nerim jump from_nerim
|
||||
|
||||
# Filters on output interfaces. Do not return: either drop or accept
|
||||
# We use goto so we don't return to the calling chain after packets have been processed
|
||||
meta oif vmap {
|
||||
$if_users: goto to_users,
|
||||
$if_deco: goto to_deco,
|
||||
$if_prod: goto to_prod,
|
||||
$if_dmz: goto to_dmz,
|
||||
$if_switchs: goto to_switchs,
|
||||
$if_federez: goto to_federez,
|
||||
$if_renater: goto to_renater,
|
||||
$if_dmz_wireguard: goto to_dmz_wireguard,
|
||||
$if_nerim: jump from_nerim
|
||||
}
|
||||
meta oif $if_users goto to_users
|
||||
meta oif $if_deco goto to_deco
|
||||
meta oif $if_prod goto to_prod
|
||||
meta oif $if_dmz goto to_dmz
|
||||
meta oif $if_switchs goto to_switchs
|
||||
meta oif $if_federez goto to_federez
|
||||
meta oif $if_renater goto to_renater
|
||||
meta oif $if_dmz_wireguard goto to_dmz_wireguard
|
||||
meta oif $if_nerim jump from_nerim
|
||||
|
||||
counter log prefix "Uncaught traffic:"
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue