author | Patrick McHardy <kaber@trash.net> | 2009-03-18 04:55:00 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2009-03-18 04:55:00 +0100 |
commit | fac10ea799fe9b6158d74f66d6ad46536d38a545 (patch) | |
tree | 8c093bcbb2144aab54c70103e6ed438456ae0d48 /files/nftables |
Initial commit v0.01-alpha1
Diffstat (limited to 'files/nftables')
-rw-r--r-- | files/nftables/ipv4-filter | 7 | ||||
-rw-r--r-- | files/nftables/ipv4-mangle | 9 | ||||
-rw-r--r-- | files/nftables/ipv4-raw | 6 | ||||
-rw-r--r-- | files/nftables/ipv4-security | 7 | ||||
-rw-r--r-- | files/nftables/ipv6-filter | 7 | ||||
-rw-r--r-- | files/nftables/ipv6-mangle | 9 | ||||
-rw-r--r-- | files/nftables/ipv6-security | 7 |
7 files changed, 52 insertions, 0 deletions
diff --git a/files/nftables/ipv4-filter b/files/nftables/ipv4-filter
new file mode 100644
index 00000000..3f962143
--- /dev/null
+++ b/files/nftables/ipv4-filter
@@ -0,0 +1,7 @@
+#! nft -f
+
+table filter {
+ chain input { hook NF_INET_LOCAL_IN 0; }
+ chain forward { hook NF_INET_FORWARD 0; }
+ chain output { hook NF_INET_LOCAL_OUT 0; }
+}
diff --git a/files/nftables/ipv4-mangle b/files/nftables/ipv4-mangle
new file mode 100644
index 00000000..339cacea
--- /dev/null
+++ b/files/nftables/ipv4-mangle
@@ -0,0 +1,9 @@
+#! nft -f
+
+table mangle {
+ chain prerouting { hook NF_INET_PRE_ROUTING -150; }
+ chain input { hook NF_INET_LOCAL_IN -150; }
+ chain forward { hook NF_INET_FORWARD -150; }
+ chain output { hook NF_INET_LOCAL_OUT -150; }
+ chain postrouting { hook NF_INET_POST_ROUTING -150; }
+}
diff --git a/files/nftables/ipv4-raw b/files/nftables/ipv4-raw
new file mode 100644
index 00000000..6bc21815
--- /dev/null
+++ b/files/nftables/ipv4-raw
@@ -0,0 +1,6 @@
+#! nft -f
+
+table raw {
+ chain prerouting { hook NF_INET_PRE_ROUTING -300; }
+ chain output { hook NF_INET_LOCAL_OUT -300; }
+}
diff --git a/files/nftables/ipv4-security b/files/nftables/ipv4-security
new file mode 100644
index 00000000..3ac5bd2b
--- /dev/null
+++ b/files/nftables/ipv4-security
@@ -0,0 +1,7 @@
+#! nft -f
+
+table security {
+ chain input { hook NF_INET_LOCAL_IN 50; }
+ chain forward { hook NF_INET_FORWARD 50; }
+ chain output { hook NF_INET_LOCAL_OUT 50; }
+}
diff --git a/files/nftables/ipv6-filter b/files/nftables/ipv6-filter
new file mode 100644
index 00000000..9e412784
--- /dev/null
+++ b/files/nftables/ipv6-filter
@@ -0,0 +1,7 @@
+#! nft -f
+
+table ip6 filter {
+ chain input { hook NF_INET_LOCAL_IN 0; }
+ chain forward { hook NF_INET_FORWARD 0; }
+ chain output { hook NF_INET_LOCAL_OUT 0; }
+}
diff --git a/files/nftables/ipv6-mangle b/files/nftables/ipv6-mangle
new file mode 100644
index 00000000..dc18c7a8
--- /dev/null
+++ b/files/nftables/ipv6-mangle
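Review bot: The interpreter line `#! nft -f` at the top of files/nftables/ipv4-filter names the interpreter without a path, and the kernel does not search PATH for a shebang interpreter, so `nft` is resolved relative to the current working directory. For a ruleset that is loaded as root, a direct execution therefore either fails or runs whatever file named `nft` happens to sit in that directory. An absolute path avoids both, for example `#! /usr/sbin/nft -f` (example location; substitute the real install prefix, ideally at build time). The same line opens the other six files in this commit (ipv4-mangle, ipv4-raw, ipv4-security, ipv6-filter, ipv6-mangle, ipv6-security); they are added with mode 100644, so this only matters once someone marks them executable.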
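Review bot: The hook priority `-150` on every chain in files/nftables/ipv4-mangle is an undocumented magic number, and the ordering it encodes decides whether these chains see a packet before or after connection tracking and the filter chains. The values used across this commit match the kernel's `NF_IP_PRI_*` constants (-300 raw, -150 mangle, 0 filter, 50 security), so a header comment such as `# priority -150 = NF_IP_PRI_MANGLE: after conntrack (-200), before filter (0)` would keep a later edit from reordering the tables by accident. This assumes the scanner accepts `#` comments beyond the first line, which the hunk does not show. The same applies to the `0`, `-300` and `50` in the filter, raw and security files.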
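Review bot: files/nftables/ipv4-raw has no IPv6 counterpart in this commit: the diffstat lists filter, mangle and security for both families but raw only for IPv4. Priority -300 puts these chains ahead of connection tracking, so any pre-conntrack handling built on this table would cover IPv4 traffic only and a dual-stack host would treat the two families differently. If the omission is deliberate, a comment in this file such as `# IPv4 only: there is no ipv6-raw file in this set` would make that visible; otherwise an ipv6-raw file with `table ip6 raw` and the same two chains would close the gap.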
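Review bot: `table ip6 filter` in files/nftables/ipv6-filter names its address family, while the IPv4 files in this commit (`table filter`, `table mangle`, `table raw`, `table security`) rely on an implicit default. Spelling the family out in the IPv4 files, presumably as `table ip filter` if the grammar accepts `ip` as a family name, shows on review which traffic each file covers and stops a reader from assuming that a bare `filter` table also handles IPv6. The chains in both filter files only register hooks and contain no rules, so a one-line comment stating that the file is a skeleton that filters nothing until rules are added would also help anyone who loads it expecting a firewall.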
@@ -0,0 +1,9 @@
+#! nft -f
+
+table ip6 mangle {
+ chain prerouting { hook NF_INET_PRE_ROUTING -150; }
+ chain input { hook NF_INET_LOCAL_IN -150; }
+ chain forward { hook NF_INET_FORWARD -150; }
+ chain output { hook NF_INET_LOCAL_OUT -150; }
+ chain postrouting { hook NF_INET_POST_ROUTING -150; }
+}
diff --git a/files/nftables/ipv6-security b/files/nftables/ipv6-security
new file mode 100644
index 00000000..f379bfd3
--- /dev/null
+++ b/files/nftables/ipv6-security
@@ -0,0 +1,7 @@
+#! nft -f
+
+table ip6 security {
+ chain input { hook NF_INET_LOCAL_IN 50; }
+ chain forward { hook NF_INET_FORWARD 50; }
+ chain output { hook NF_INET_LOCAL_OUT 50; }
+}
|