Diffstat (limited to 'files')
-rw-r--r--files/Makefile.in4
-rw-r--r--files/nftables/ipv4-filter7
-rw-r--r--files/nftables/ipv4-mangle9
-rw-r--r--files/nftables/ipv4-raw6
-rw-r--r--files/nftables/ipv4-security7
-rw-r--r--files/nftables/ipv6-filter7
-rw-r--r--files/nftables/ipv6-mangle9
-rw-r--r--files/nftables/ipv6-security7
8 files changed, 56 insertions, 0 deletions
diff --git a/files/Makefile.in b/files/Makefile.in
new file mode 100644
index 00000000..cd67c37d
--- /dev/null
+++ b/files/Makefile.in
@@ -0,0 +1,4 @@
+install:
+ @echo -e " INSTALL\tfiles"
+ $(MKDIR_P) $(DESTDIR)/$(confdir)
+ $(INSTALL) -m 755 -o root -g root $(SUBDIR)nftables/* $(DESTDIR)/$(confdir)/
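Review bot: The last recipe line installs `$(SUBDIR)nftables/*` by glob, so whatever else sits in that directory (editor backups, `.orig`/`.rej` leftovers) lands in the configuration directory with mode 755 next to the real rule files; naming the files explicitly, or through a variable, keeps the installed firewall baseline to a known set. The hard-coded `-o root -g root` also makes a staged `make install DESTDIR=...` fail when run unprivileged, as packaging builds often are, so ownership is better left overridable. `install` is not declared with `.PHONY: install`, and `echo -e` is not understood by every `/bin/sh`; `printf ' INSTALL\tfiles\n'` is the portable spelling.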
diff --git a/files/nftables/ipv4-filter b/files/nftables/ipv4-filter
new file mode 100644
index 00000000..3f962143
--- /dev/null
+++ b/files/nftables/ipv4-filter
@@ -0,0 +1,7 @@
+#! nft -f
+
+table filter {
+ chain input { hook NF_INET_LOCAL_IN 0; }
+ chain forward { hook NF_INET_FORWARD 0; }
+ chain output { hook NF_INET_LOCAL_OUT 0; }
+}
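Review bot: Nothing in this file says that the table is only a skeleton: the three base chains carry no rules, so once loaded they presumably pass all traffic until a ruleset is added on top. A header comment would make that explicit, for example `# Skeleton mirroring the iptables 'filter' table: base chains only, no rules`. The bare priority numbers (0 here, -150 in the mangle files, -300 in ipv4-raw, 50 in the security files) appear to match the netfilter hook priorities of the corresponding iptables tables and deserve a one-line comment in each file. The IPv4 files (this one, ipv4-mangle, ipv4-raw, ipv4-security) also rely on an implicit family in `table filter` while the IPv6 files spell out `table ip6 ...`; if the syntax accepts it, writing the family explicitly would make the pairing obvious.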
diff --git a/files/nftables/ipv4-mangle b/files/nftables/ipv4-mangle
new file mode 100644
index 00000000..339cacea
--- /dev/null
+++ b/files/nftables/ipv4-mangle
@@ -0,0 +1,9 @@
+#! nft -f
+
+table mangle {
+ chain prerouting { hook NF_INET_PRE_ROUTING -150; }
+ chain input { hook NF_INET_LOCAL_IN -150; }
+ chain forward { hook NF_INET_FORWARD -150; }
+ chain output { hook NF_INET_LOCAL_OUT -150; }
+ chain postrouting { hook NF_INET_POST_ROUTING -150; }
+}
diff --git a/files/nftables/ipv4-raw b/files/nftables/ipv4-raw
new file mode 100644
index 00000000..6bc21815
--- /dev/null
+++ b/files/nftables/ipv4-raw
@@ -0,0 +1,6 @@
+#! nft -f
+
+table raw {
+ chain prerouting { hook NF_INET_PRE_ROUTING -300; }
+ chain output { hook NF_INET_LOCAL_OUT -300; }
+}
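Review bot: There is no `ipv6-raw` counterpart to this file in the commit: the diffstat lists a raw table only for IPv4, while filter, mangle and security are added for both families. If that is deliberate, a comment here saying why would stop readers from assuming parity between the two families. If it is an omission, IPv6 gets no chain at the -300 priority, so rules that have to run before the mangle and filter chains would exist for IPv4 only and the two rulesets would drift apart.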
diff --git a/files/nftables/ipv4-security b/files/nftables/ipv4-security
new file mode 100644
index 00000000..3ac5bd2b
--- /dev/null
+++ b/files/nftables/ipv4-security
@@ -0,0 +1,7 @@
+#! nft -f
+
+table security {
+ chain input { hook NF_INET_LOCAL_IN 50; }
+ chain forward { hook NF_INET_FORWARD 50; }
+ chain output { hook NF_INET_LOCAL_OUT 50; }
+}
diff --git a/files/nftables/ipv6-filter b/files/nftables/ipv6-filter
new file mode 100644
index 00000000..9e412784
--- /dev/null
+++ b/files/nftables/ipv6-filter
@@ -0,0 +1,7 @@
+#! nft -f
+
+table ip6 filter {
+ chain input { hook NF_INET_LOCAL_IN 0; }
+ chain forward { hook NF_INET_FORWARD 0; }
+ chain output { hook NF_INET_LOCAL_OUT 0; }
+}
diff --git a/files/nftables/ipv6-mangle b/files/nftables/ipv6-mangle
new file mode 100644
index 00000000..dc18c7a8
--- /dev/null
+++ b/files/nftables/ipv6-mangle
@@ -0,0 +1,9 @@
+#! nft -f
+
+table ip6 mangle {
+ chain prerouting { hook NF_INET_PRE_ROUTING -150; }
+ chain input { hook NF_INET_LOCAL_IN -150; }
+ chain forward { hook NF_INET_FORWARD -150; }
+ chain output { hook NF_INET_LOCAL_OUT -150; }
+ chain postrouting { hook NF_INET_POST_ROUTING -150; }
+}
diff --git a/files/nftables/ipv6-security b/files/nftables/ipv6-security
new file mode 100644
index 00000000..f379bfd3
--- /dev/null
+++ b/files/nftables/ipv6-security
@@ -0,0 +1,7 @@
+#! nft -f
+
+table ip6 security {
+ chain input { hook NF_INET_LOCAL_IN 50; }
+ chain forward { hook NF_INET_FORWARD 50; }
+ chain output { hook NF_INET_LOCAL_OUT 50; }
+}