From 5244af18383e6812437228eb9532b75b8a492705 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Tue, 22 Mar 2022 14:24:41 +0300
Subject: [PATCH] nftables: flush predefrag chain

---
 common/nft.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/common/nft.sh b/common/nft.sh
index aa23177..c851c43 100644
--- a/common/nft.sh
+++ b/common/nft.sh
@@ -84,9 +84,10 @@ cat << EOF | nft -f -
 add rule inet $ZAPRET_NFT_TABLE localnet_protect ip daddr 127.0.0.0/8 drop comment "route_localnet remote access protection"
 add rule inet $ZAPRET_NFT_TABLE input iif != lo jump localnet_protect
 add chain inet $ZAPRET_NFT_TABLE postrouting { type filter hook postrouting priority 101; }
- add chain inet $ZAPRET_NFT_TABLE predefrag { type filter hook output priority -401; }
- add rule inet $ZAPRET_NFT_TABLE predefrag mark and $DESYNC_MARK !=0 notrack comment "do not track nfqws generated packets to avoid nat tampering and defragmentation"
 flush chain inet $ZAPRET_NFT_TABLE postrouting
+ add chain inet $ZAPRET_NFT_TABLE predefrag { type filter hook output priority -401; }
+ flush chain inet $ZAPRET_NFT_TABLE predefrag
+ add rule inet $ZAPRET_NFT_TABLE predefrag mark and $DESYNC_MARK !=0 notrack comment "do not track nfqws generated packets to avoid nat tampering and defragmentation"
 add set inet $ZAPRET_NFT_TABLE lanif { type ifname; }
 add set inet $ZAPRET_NFT_TABLE wanif { type ifname; }
 add set inet $ZAPRET_NFT_TABLE wanif6 { type ifname; }
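Review bot: The re-added predefrag rule interpolates `$DESYNC_MARK` unquoted into the heredoc that `nft -f -` consumes (the `cat << EOF` begins above the hunk), so an unset or empty value turns it into `mark and  !=0`, a parse error that, as far as I know, makes nft reject the whole batch including the localnet_protect and postrouting entries above it. A guard ahead of the heredoc such as `: "${DESYNC_MARK:?DESYNC_MARK must be set}"` fails loudly on the shell side instead, and the same check is worth adding for `$ZAPRET_NFT_TABLE`. The new `flush chain … predefrag` is what makes the block safe to re-run (`add chain` does not fail on an existing chain, so the notrack rule would otherwise be appended again on every run) and matches the existing postrouting pattern; a one-line comment such as `# flush so re-running the script does not duplicate the notrack rule` would record that intent, and if the `-401` priority is chosen to run before the conntrack defrag hook so notrack applies before defragmentation, a comment saying so would help too. The added and removed lines appear to carry a leading space before `add`/`flush` that the surrounding context lines lack; if that is not an artefact of how the patch was captured, dropping it keeps the heredoc uniform.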