diff options
Diffstat (limited to 'files/nftables')
-rw-r--r-- | files/nftables/Makefile.am | 3 | ||||
-rwxr-xr-x | files/nftables/netdev-ingress.nft | 7 |
2 files changed, 9 insertions, 1 deletions
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am index f18156d8..a93b7978 100644 --- a/files/nftables/Makefile.am +++ b/files/nftables/Makefile.am @@ -10,7 +10,8 @@ dist_pkgsysconf_DATA = all-in-one.nft \ ipv6-filter.nft \ ipv6-mangle.nft \ ipv6-nat.nft \ - ipv6-raw.nft + ipv6-raw.nft \ + netdev-ingress.nft install-data-hook: ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*.nft diff --git a/files/nftables/netdev-ingress.nft b/files/nftables/netdev-ingress.nft new file mode 100755 index 00000000..9e46b15a --- /dev/null +++ b/files/nftables/netdev-ingress.nft @@ -0,0 +1,7 @@ +#!@sbindir@nft -f + +# mind the NIC, it must exists +table netdev filter { + chain loinput { type filter hook ingress device lo priority 0; } +} + |