From 13b63da3fb36f80470f27b5bb8e0eec19ef1795b Mon Sep 17 00:00:00 2001 From: Paul Chambers Date: Mon, 30 Sep 2019 09:40:40 -0700 Subject: [PATCH] bump the priority of miniupnpd's forward chain, so it processes packets before other filter chains --- miniupnpd/netfilter_nft/nftnlrdr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/miniupnpd/netfilter_nft/nftnlrdr.c b/miniupnpd/netfilter_nft/nftnlrdr.c index 3ac4ce5..02a9da9 100644 --- a/miniupnpd/netfilter_nft/nftnlrdr.c +++ b/miniupnpd/netfilter_nft/nftnlrdr.c @@ -72,7 +72,7 @@ init_redirect(void) { result = table_op(NFT_MSG_NEWTABLE, NFPROTO_INET, nft_table); if (result == 0) { result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_INET, nft_table, - nft_forward_chain, FILTER_CHAIN_TYPE, NF_INET_FORWARD, NF_IP_PRI_FILTER); + nft_forward_chain, FILTER_CHAIN_TYPE, NF_INET_FORWARD, NF_IP_PRI_FILTER - 25); } /* 'ip' family */ @@ -110,7 +110,7 @@ shutdown_redirect(void) { /* 'inet' family */ result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_INET, nft_table, - nft_forward_chain, FILTER_CHAIN_TYPE, NF_INET_FORWARD, NF_IP_PRI_FILTER); + nft_forward_chain, FILTER_CHAIN_TYPE, NF_INET_FORWARD, NF_IP_PRI_FILTER - 25); if (result == 0) { result = table_op(NFT_MSG_DELTABLE, NFPROTO_INET, nft_table); }
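Review bot: The offset `NF_IP_PRI_FILTER - 25` is written out twice, in the `chain_op(NFT_MSG_NEWCHAIN, …)` call in init_redirect and in the `chain_op(NFT_MSG_DELCHAIN, …)` call in shutdown_redirect, with nothing tying the two together; one definition such as `#define FORWARD_CHAIN_PRIORITY (NF_IP_PRI_FILTER - 25)` (the name is only a suggestion) used at both sites would keep create and delete in step. The value also wants a comment saying why 25 was chosen and what ordering it is meant to achieve, for example `/* must run ahead of priority-0 (NF_IP_PRI_FILTER) forward chains */`. That comment should also record that in nftables an accept verdict in this chain does not end evaluation for the hook: base chains registered at a later priority still see the packet and can drop it, so the host firewall's forward policy remains the effective limit on what a UPnP mapping can open, while a drop issued here is final. Both function bodies begin and end outside the hunks, so the rules actually placed in `nft_forward_chain` are not visible here and the effect on an existing ruleset should be confirmed against them.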