[PATCH RESEND] wg-quick: linux: raise priority for mangle nft chain

Dominique Martinet asmadeus at codewreck.org
Sun Jun 21 23:50:02 CEST 2020


Setting mark must be done as early as possible in case there are
ipv6 rpfilter rules in the mangle table (an nft filter could be done
later but with ip6tables this is the latest it can be checked).
Mark must be set before the return path check for it to work correctly.

priority -160 gets rendered as "mangle - 10" in nft list table,
and will correctly set the mark before other mangle prerouting rules
if there are any and same as before if there aren't.

Signed-off-by: Dominique Martinet <asmadeus at codewreck.org>
---
bump ?
I don't mind being plain refused, but no answer is annoying :)

Cheers,

 src/wg-quick/linux.bash | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index 7c2c002..9001c6a 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -222,7 +222,7 @@ add_default() {
 	local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd 
 	printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable"
 	printf -v nftcmd '%sadd chain %s %s preraw { type filter hook prerouting priority -300; }\n' "$nftcmd" "$pf" "$nftable"
-	printf -v nftcmd '%sadd chain %s %s premangle { type filter hook prerouting priority -150; }\n' "$nftcmd" "$pf" "$nftable"
+	printf -v nftcmd '%sadd chain %s %s premangle { type filter hook prerouting priority -160; }\n' "$nftcmd" "$pf" "$nftable"
 	printf -v nftcmd '%sadd chain %s %s postmangle { type filter hook postrouting priority -150; }\n' "$nftcmd" "$pf" "$nftable"
 	while read -r line; do
 		[[ $line =~ .*inet6?\ ([0-9a-f:.]+)/[0-9]+.* ]] || continue
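Review bot: the premangle chain moves from -150 to -160 while the postmangle chain on the next line stays at -150; since -150 is the standard mangle hook priority, a chain registered at that value has no guaranteed ordering relative to other mangle prerouting chains, which is exactly the ambiguity the rpfilter case in the commit message depends on, and the hunk itself carries no hint of this. Suggest a one-line comment above the changed printf, e.g. `# priority -160: run before mangle (-150) so the mark is set before rpfilter`, and a note in the commit message on whether postmangle is deliberately left at -150.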
-- 
2.26.2