From 0603a1cb6fb93124c88e7369a14403a841e8b2b6 Mon Sep 17 00:00:00 2001
From: Andris PE <neandris@gmail.com>
Date: Mon, 13 Oct 2025 15:54:13 +0000
Subject: [PATCH] ruleset: add prerouting chain includes

Add missing includes around prerouting chains
Used by eg transparent proxies.

Signed-off-by: Andris PE <neandris@gmail.com>
---
 root/usr/share/firewall4/templates/ruleset.uc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/root/usr/share/firewall4/templates/ruleset.uc b/root/usr/share/firewall4/templates/ruleset.uc
index 2bec4d9..5c3d56a 100644
--- a/root/usr/share/firewall4/templates/ruleset.uc
+++ b/root/usr/share/firewall4/templates/ruleset.uc
@@ -181,6 +181,7 @@ table inet fw4 {
 
 	chain prerouting {
 		type filter hook prerouting priority filter; policy accept;
+{% fw4.includes('chain-prepend', 'prerouting') %}
 {% for (let zone in fw4.zones()): %}
 {%  if (zone.dflags.helper): %}
 {%   for (let rule in zone.match_rules): %}
@@ -192,6 +193,7 @@ table inet fw4 {
 {%   endfor %}
 {%  endif %}
 {% endfor %}
+{% fw4.includes('chain-append', 'prerouting') %}
 	}
 
 	chain handle_reject {
@@ -363,6 +365,7 @@ table inet fw4 {
 
 	chain raw_prerouting {
 		type filter hook prerouting priority raw; policy accept;
+{% fw4.includes('chain-prepend', 'raw_prerouting') %}
 {% for (let zone in fw4.zones()): %}
 {%  if (zone.dflags["notrack"]): %}
 {%   for (let rule in zone.match_rules): %}