Diffstat (limited to 'files')
-rw-r--r-- | files/Makefile.in | 4 | ||||
-rw-r--r-- | files/nftables/ipv4-filter | 7 | ||||
-rw-r--r-- | files/nftables/ipv4-mangle | 9 | ||||
-rw-r--r-- | files/nftables/ipv4-raw | 6 | ||||
-rw-r--r-- | files/nftables/ipv4-security | 7 | ||||
-rw-r--r-- | files/nftables/ipv6-filter | 7 | ||||
-rw-r--r-- | files/nftables/ipv6-mangle | 9 | ||||
-rw-r--r-- | files/nftables/ipv6-security | 7 |
8 files changed, 56 insertions, 0 deletions
diff --git a/files/Makefile.in b/files/Makefile.in
new file mode 100644
index 00000000..cd67c37d
--- /dev/null
+++ b/files/Makefile.in
@@ -0,0 +1,4 @@
+install:
+ @echo -e " INSTALL\tfiles"
+ $(MKDIR_P) $(DESTDIR)/$(confdir)
+ $(INSTALL) -m 755 -o root -g root $(SUBDIR)nftables/* $(DESTDIR)/$(confdir)/
diff --git a/files/nftables/ipv4-filter b/files/nftables/ipv4-filter
new file mode 100644
index 00000000..3f962143
--- /dev/null
+++ b/files/nftables/ipv4-filter
@@ -0,0 +1,7 @@
+#! nft -f
+
+table filter {
+ chain input { hook NF_INET_LOCAL_IN 0; }
+ chain forward { hook NF_INET_FORWARD 0; }
+ chain output { hook NF_INET_LOCAL_OUT 0; }
+}
diff --git a/files/nftables/ipv4-mangle b/files/nftables/ipv4-mangle
new file mode 100644
index 00000000..339cacea
--- /dev/null
+++ b/files/nftables/ipv4-mangle
@@ -0,0 +1,9 @@
+#! nft -f
+
+table mangle {
+ chain prerouting { hook NF_INET_PRE_ROUTING -150; }
+ chain input { hook NF_INET_LOCAL_IN -150; }
+ chain forward { hook NF_INET_FORWARD -150; }
+ chain output { hook NF_INET_LOCAL_OUT -150; }
+ chain postrouting { hook NF_INET_POST_ROUTING -150; }
+}
diff --git a/files/nftables/ipv4-raw b/files/nftables/ipv4-raw
new file mode 100644
index 00000000..6bc21815
--- /dev/null
+++ b/files/nftables/ipv4-raw
@@ -0,0 +1,6 @@
+#! nft -f
+
+table raw {
+ chain prerouting { hook NF_INET_PRE_ROUTING -300; }
+ chain output { hook NF_INET_LOCAL_OUT -300; }
+}
diff --git a/files/nftables/ipv4-security b/files/nftables/ipv4-security
new file mode 100644
index 00000000..3ac5bd2b
--- /dev/null
+++ b/files/nftables/ipv4-security
@@ -0,0 +1,7 @@
+#! nft -f
+
+table security {
+ chain input { hook NF_INET_LOCAL_IN 50; }
+ chain forward { hook NF_INET_FORWARD 50; }
+ chain output { hook NF_INET_LOCAL_OUT 50; }
+}
diff --git a/files/nftables/ipv6-filter b/files/nftables/ipv6-filter
new file mode 100644
index 00000000..9e412784
--- /dev/null
+++ b/files/nftables/ipv6-filter
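Review bot: The final recipe line copies whatever `$(SUBDIR)nftables/*` matches into `$(confdir)` with mode 755, so a stray backup or reject file in that directory would be installed as a root-owned executable next to the rulesets. The files are input for `nft -f`, and the kernel does not search PATH for the non-absolute interpreter in `#! nft -f`, so the execute bit appears to serve no purpose; an explicit file list with `-m 644` would be the least-privilege form. The hard-coded `-o root -g root` makes an unprivileged staged install into `DESTDIR` fail, which packagers usually handle by leaving ownership to the packaging tool. `echo -e` is also not portable across `/bin/sh` implementations; `@printf ' INSTALL\tfiles\n'` prints the same line everywhere.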
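Review bot: `files/nftables/ipv4-filter` carries no comment saying that it only registers empty base chains, so loading it filters nothing until rules are added, and the bare priority `0` is unexplained. A short header comment would help, e.g. `# skeleton only: empty base chains at the iptables filter priority (0); add rules before relying on it`. The same applies to the other six files, whose `-150`, `-300` and `50` match the iptables mangle, raw and security priorities. The IPv4 files also rely on the default family (`table filter`) while the IPv6 ones spell out `table ip6 filter`; writing `table ip filter` would make the pair symmetric, and the diffstat shows no `ipv6-raw` counterpart to `ipv4-raw`, which may be an oversight.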
@@ -0,0 +1,7 @@
+#! nft -f
+
+table ip6 filter {
+ chain input { hook NF_INET_LOCAL_IN 0; }
+ chain forward { hook NF_INET_FORWARD 0; }
+ chain output { hook NF_INET_LOCAL_OUT 0; }
+}
diff --git a/files/nftables/ipv6-mangle b/files/nftables/ipv6-mangle
new file mode 100644
index 00000000..dc18c7a8
--- /dev/null
+++ b/files/nftables/ipv6-mangle
@@ -0,0 +1,9 @@
+#! nft -f
+
+table ip6 mangle {
+ chain prerouting { hook NF_INET_PRE_ROUTING -150; }
+ chain input { hook NF_INET_LOCAL_IN -150; }
+ chain forward { hook NF_INET_FORWARD -150; }
+ chain output { hook NF_INET_LOCAL_OUT -150; }
+ chain postrouting { hook NF_INET_POST_ROUTING -150; }
+}
diff --git a/files/nftables/ipv6-security b/files/nftables/ipv6-security
new file mode 100644
index 00000000..f379bfd3
--- /dev/null
+++ b/files/nftables/ipv6-security
@@ -0,0 +1,7 @@
+#! nft -f
+
+table ip6 security {
+ chain input { hook NF_INET_LOCAL_IN 50; }
+ chain forward { hook NF_INET_FORWARD 50; }
+ chain output { hook NF_INET_LOCAL_OUT 50; }
+}
|