From 9a49a8aac4f316622bd90c9ae6e8fec50bc52f14 Mon Sep 17 00:00:00 2001
From: David Oberhollenzer
Date: Fri, 11 Jan 2019 14:06:54 +0100
Subject: [PATCH] Update nftables ruleset syntax

Apparently the tooling is now more strict in what syntax it accepts.

Signed-off-by: David Oberhollenzer
---
 layer/router-alix/nftables.rules | 2 +-
 layer/router-rpi3/nftables.rules | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/layer/router-alix/nftables.rules b/layer/router-alix/nftables.rules
index 85b3c7b..7da780a 100644
--- a/layer/router-alix/nftables.rules
+++ b/layer/router-alix/nftables.rules
@@ -6,7 +6,7 @@ table inet filter {
 ip protocol icmp accept
- ct state {established, related} accept
+ ct state established, related accept
 ct state invalid drop
 iifname lo accept
diff --git a/layer/router-rpi3/nftables.rules b/layer/router-rpi3/nftables.rules
index 008b051..809c837 100644
--- a/layer/router-rpi3/nftables.rules
+++ b/layer/router-rpi3/nftables.rules
@@ -4,7 +4,7 @@ table inet filter {
 chain input {
 type filter hook input priority 0; policy drop;
- ct state {established, related} accept
+ ct state established, related accept
 ct state invalid drop
 iifname lo accept
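Review bot: The new `ct state established, related accept` line in layer/router-alix/nftables.rules (and the identical change in layer/router-rpi3/nftables.rules) is not backed by any visible check that the ruleset parses, and the commit does not record which nft release rejects the braced form. Depending on how the file is loaded at boot, a parse error would probably mean no input filter is installed at all. Running `nft -c -f <ruleset>` against both files during the image build would catch the next syntax tightening before it reaches a router. A short comment above the line, for example `# comma list without braces: the set form is rejected by the stricter nft parser`, would stop someone from restoring the old syntax. The enclosing `chain input` block starts and ends outside both hunks, so the rest of the chain was not reviewed.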