nftables: rearrange files and examples

Concatenate all family/hook examples into a single one by means of includes.

Put all example files under examples/. Use the '.nft' prefix and mark
them as executable files. Use a static shebang declaration, since these
are examples meant for final systems and users.

While at it, refresh also the sets_and_maps.nft example file and also
add the 'netdev-ingress.nft' example file.

Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 32 insertions, 0 deletions

diff --git a/files/examples/families_and_hooks.nft b/files/examples/families_and_hooks.nft
new file mode 100755
index 00000000..e6d9ee23
--- /dev/null
+++ b/files/examples/families_and_hooks.nft
@@ -0,0 +1,32 @@
+#!/usr/sbin/nft -f
+
+# Here is an example of different families, hooks and priorities in the
+# nftables framework, all mixed together.
+# This script is mean to be loaded with `nft -f <file>`
+# For up-to-date information please visit https://wiki.nftables.org
+
+flush ruleset
+
+# native dual stack IPv4 & IPv6 family
+include "./inet-filter.nft"
+
+# netdev family at ingress hook. Attached to a given NIC
+include "./netdev-ingress.nft"
+
+# IPv4 family, typical iptables tables/chains layout
+include "./ipv4-filter.nft"
+include "./ipv4-mangle.nft"
+include "./ipv4-nat.nft"
+include "./ipv4-raw.nft"
+
+# IPv6 family, typical ip6tables tables/chains layout
+include "./ipv6-filter.nft"
+include "./ipv6-mangle.nft"
+include "./ipv6-nat.nft"
+include "./ipv6-raw.nft"
+
+# ARP family, typical arptables tables/chain layout
+include "./arp-filter.nft"
+
+# bridge family, typical ebtables tables/chain layout
+include "./bridge-filter.nft"