diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index c4c6c0143..9d00cfa03 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -983,7 +983,7 @@ sub validate_tc_device( ) {
mtu => $mtu,
mpu => $mpu,
tsize => $tsize,
- filterpri => 1,
+ filterpri => 0,
} ,
push @tcdevices, $device;
@@ -1422,11 +1422,11 @@ sub process_tc_filter() {
my ( $prio, $filterpri ) = ( undef, $devref->{filterpri} );
if ( $priority eq '-' ) {
- $prio = $filterpri++;
+ $prio = ++$filterpri;
fatal_error "Filter priority overflow" if $prio > 65535;
} else {
$prio = validate_filter_priority( $priority, 'filter' );
- $filterpri = $prio + 1 if $prio >= $filterpri;
+ $filterpri = $prio if $prio > $filterpri;
}
$devref->{filterpri} = $filterpri;
diff --git a/Shorewall/manpages/shorewall-tcfilters.xml b/Shorewall/manpages/shorewall-tcfilters.xml
index 912e81468..25601eb6e 100644
--- a/Shorewall/manpages/shorewall-tcfilters.xml
+++ b/Shorewall/manpages/shorewall-tcfilters.xml
@@ -205,22 +205,21 @@
- For Shorewall versions prior to 4.5.8, all filters have
+ For Shorewall versions prior to 4.5.8 - all filters have
priority 10.
- For Shorewall 4.5.8 and later, the compiler maintains a
- high-water priority that has an initial
- value of 1. When a filter has no
+ For Shorewall 4.5.8 and later - for each device, the
+ compiler maintains a high-water priority
+ with an initial value of 0. When a filter has no
priority, the high-water priority is
- assigned to the filter and the high-wanter priority is
- incremented by 1. When a priority
- greater than or equal than the high-water priority is entered in
- this column, the high-water priority is set to the specified
- priority plus 1. An attempt to assign
- a priority value greater than 65535 (explicitly or implicitly),
- an error is raised.
+ incremented by 1 and assigned to the filter. When a
+ priority greater than the high-water
+ priority is entered in this column, the high-water priority is
+ set to the specified priority. An
+ attempt to assign a priority value greater than 65535
+ (explicitly or implicitly) raises an error.
diff --git a/Shorewall6/manpages/shorewall6-tcfilters.xml b/Shorewall6/manpages/shorewall6-tcfilters.xml
index ed03945cd..8782d7f1c 100644
--- a/Shorewall6/manpages/shorewall6-tcfilters.xml
+++ b/Shorewall6/manpages/shorewall6-tcfilters.xml
@@ -199,22 +199,21 @@
- For Shorewall versions prior to 4.5.8, all filters have
+ For Shorewall versions prior to 4.5.8 - all filters have
priority 11.
- For Shorewall 4.5.8 and later, the compiler maintains a
- high-water priority that has an initial
- value of 1. When a filter has no
+ For Shorewall 4.5.8 and later - for each device, the
+ compiler maintains a high-water priority
+ with an initial value of 0. When a filter has no
priority, the high-water priority is
- assigned to the filter and the high-wanter priority is
- incremented by 1. When a priority
- greater than or equal than the high-water priority is entered in
- this column, the high-water priority is set to the specified
- priority plus 1. An attempt to assign
- a priority value greater than 65535 (explicitly or implicitly),
- an error is raised.
+ incremented by 1 and assigned to the filter. When a
+ priority greater than the high-water
+ priority is entered in this column, the high-water priority is
+ set to the specified priority. An
+ attempt to assign a priority value greater than 65535
+ (explicitly or implicitly) raises an error.