nftables: rearrange files and examples

Concatenate all family/hook examples into a single one by means of includes.

Put all example files under examples/. Use the '.nft' prefix and mark
them as executable files. Use a static shebang declaration, since these
are examples meant for final systems and users.

While at it, refresh also the sets_and_maps.nft example file and also
add the 'netdev-ingress.nft' example file.

Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

12 files changed, 0 insertions, 88 deletions

diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
deleted file mode 100644
index 77d5c2a6..00000000
--- a/files/nftables/Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
-
-pkgsysconfdir = ${sysconfdir}/nftables
-dist_pkgsysconf_DATA =	arp-filter	\
-			bridge-filter	\
-			inet-filter	\
-			ipv4-filter	\
-			ipv4-mangle	\
-			ipv4-nat	\
-			ipv4-raw	\
-			ipv6-filter	\
-			ipv6-mangle	\
-			ipv6-nat	\
-			ipv6-raw
-
-install-data-hook:
-	${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*
diff --git a/files/nftables/arp-filter b/files/nftables/arp-filter
deleted file mode 100644
index bcabf28a..00000000
--- a/files/nftables/arp-filter
+++ /dev/null
@@ -1,6 +0,0 @@
-#! @sbindir@nft -f
-
-table arp filter {
-	chain input		{ type filter hook input priority 0; }
-	chain output		{ type filter hook output priority 0; }
-}
diff --git a/files/nftables/bridge-filter b/files/nftables/bridge-filter
deleted file mode 100644
index 2add455d..00000000
--- a/files/nftables/bridge-filter
+++ /dev/null
@@ -1,7 +0,0 @@
-#! @sbindir@nft -f
-
-table bridge filter {
-	chain input		{ type filter hook input priority -200; }
-	chain forward		{ type filter hook forward priority -200; }
-	chain output		{ type filter hook output priority 200; }
-}
diff --git a/files/nftables/inet-filter b/files/nftables/inet-filter
deleted file mode 100644
index f572db59..00000000
--- a/files/nftables/inet-filter
+++ /dev/null
@@ -1,7 +0,0 @@
-#! @sbindir@nft -f
-
-table inet filter {
-	chain input		{ type filter hook input priority 0; }
-	chain forward		{ type filter hook forward priority 0; }
-	chain output		{ type filter hook output priority 0; }
-}
diff --git a/files/nftables/ipv4-filter b/files/nftables/ipv4-filter
deleted file mode 100644
index a4ca7f25..00000000
--- a/files/nftables/ipv4-filter
+++ /dev/null
@@ -1,7 +0,0 @@
-#! @sbindir@nft -f
-
-table filter {
-	chain input		{ type filter hook input priority 0; }
-	chain forward		{ type filter hook forward priority 0; }
-	chain output		{ type filter hook output priority 0; }
-}
diff --git a/files/nftables/ipv4-mangle b/files/nftables/ipv4-mangle
deleted file mode 100644
index be564a51..00000000
--- a/files/nftables/ipv4-mangle
+++ /dev/null
@@ -1,5 +0,0 @@
-#! @sbindir@nft -f
-
-table mangle {
-	chain output		{ type route hook output priority -150; }
-}
diff --git a/files/nftables/ipv4-nat b/files/nftables/ipv4-nat
deleted file mode 100644
index 130a729b..00000000
--- a/files/nftables/ipv4-nat
+++ /dev/null
@@ -1,8 +0,0 @@
-#! @sbindir@nft -f
-
-table nat {
-	chain prerouting	{ type nat hook prerouting priority -100; }
-	chain input		{ type nat hook input priority 100; }
-	chain output		{ type nat hook output priority -100; }
-	chain postrouting	{ type nat hook postrouting priority 100; }
-}
diff --git a/files/nftables/ipv4-raw b/files/nftables/ipv4-raw
deleted file mode 100644
index 19773ee8..00000000
--- a/files/nftables/ipv4-raw
+++ /dev/null
@@ -1,6 +0,0 @@
-#! @sbindir@nft -f
-
-table raw {
-	chain prerouting	{ type filter hook prerouting priority -300; }
-	chain output		{ type filter hook output priority -300; }
-}
diff --git a/files/nftables/ipv6-filter b/files/nftables/ipv6-filter
deleted file mode 100644
index ce4d7de2..00000000
--- a/files/nftables/ipv6-filter
+++ /dev/null
@@ -1,7 +0,0 @@
-#! @sbindir@nft -f
-
-table ip6 filter {
-	chain input		{ type filter hook input priority 0; }
-	chain forward		{ type filter hook forward priority 0; }
-	chain output		{ type filter hook output priority 0; }
-}
diff --git a/files/nftables/ipv6-mangle b/files/nftables/ipv6-mangle
deleted file mode 100644
index fa32402a..00000000
--- a/files/nftables/ipv6-mangle
+++ /dev/null
@@ -1,5 +0,0 @@
-#! @sbindir@nft -f
-
-table ip6 mangle {
-	chain output		{ type route hook output priority -150; }
-}
diff --git a/files/nftables/ipv6-nat b/files/nftables/ipv6-nat
deleted file mode 100644
index e7816860..00000000
--- a/files/nftables/ipv6-nat
+++ /dev/null
@@ -1,8 +0,0 @@
-#! @sbindir@nft -f
-
-table ip6 nat {
-	chain prerouting	{ type nat hook prerouting priority -100; }
-	chain input 		{ type nat hook input priority 100; }
-	chain output  		{ type nat hook output priority -100; }
-	chain postrouting	{ type nat hook postrouting priority 100; }
-}
diff --git a/files/nftables/ipv6-raw b/files/nftables/ipv6-raw
deleted file mode 100644
index 5ee56a83..00000000
--- a/files/nftables/ipv6-raw
+++ /dev/null
@@ -1,6 +0,0 @@
-#! @sbindir@nft -f
-
-table ip6 raw {
-	chain prerouting	{ type filter hook prerouting priority -300; }
-	chain output		{ type filter hook output priority -300; }
-}