netfilter: nf_tables: allow to filter from prerouting and postrouting

author Pablo Neira Ayuso <pablo@netfilter.org>

Wed, 1 Oct 2014 18:34:37 +0000 (20:34 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Thu, 2 Oct 2014 16:30:56 +0000 (18:30 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 1 Oct 2014 18:34:37 +0000 (20:34 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 2 Oct 2014 16:30:56 +0000 (18:30 +0200)
diff --git a/net/bridge/netfilter/nf_tables_bridge.c b/net/bridge/netfilter/nf_tables_bridge.c

index 5bcc0d8b31f22dff5b0368a77ae249f60e4bad9e..da17a5eab8b40e5df3eeafcef74934534eb26dd1 100644 (file)
--- a/net/bridge/netfilter/nf_tables_bridge.c
+++ b/net/bridge/netfilter/nf_tables_bridge.c
@@ -34,9 +34,11 @@ static struct nft_af_info nft_af_bridge __read_mostly = {
         .owner          = THIS_MODULE,
         .nops           = 1,
         .hooks          = {
+               [NF_BR_PRE_ROUTING]     = nft_do_chain_bridge,
                 [NF_BR_LOCAL_IN]        = nft_do_chain_bridge,
                 [NF_BR_FORWARD]         = nft_do_chain_bridge,
                 [NF_BR_LOCAL_OUT]       = nft_do_chain_bridge,
+               [NF_BR_POST_ROUTING]    = nft_do_chain_bridge,
         },
  };
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 1 Oct 2014 18:34:37 +0000 (20:34 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 2 Oct 2014 16:30:56 +0000 (18:30 +0200)