Diffstat (limited to 'files')
-rw-r--r-- | files/Makefile.am | 3 | ||||
-rw-r--r-- | files/examples/Makefile.am | 5 | ||||
-rwxr-xr-x | files/examples/secmark.nft | 10 | ||||
-rw-r--r-- | files/nftables/Makefile.am | 15 | ||||
-rw-r--r-- | files/osf/Makefile.am | 2 |
5 files changed, 5 insertions, 30 deletions
diff --git a/files/Makefile.am b/files/Makefile.am
deleted file mode 100644
index 7deec151..00000000
--- a/files/Makefile.am
+++ /dev/null
@@ -1,3 +0,0 @@
-SUBDIRS = nftables \
- examples \
- osf
diff --git a/files/examples/Makefile.am b/files/examples/Makefile.am
deleted file mode 100644
index b29e9f61..00000000
--- a/files/examples/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-pkgdocdir = ${docdir}/examples
-dist_pkgdoc_SCRIPTS = ct_helpers.nft \
- load_balancing.nft \
- secmark.nft \
- sets_and_maps.nft
diff --git a/files/examples/secmark.nft b/files/examples/secmark.nft
index 16f9a368..c923cebb 100755
--- a/files/examples/secmark.nft
+++ b/files/examples/secmark.nft
@@ -10,7 +10,7 @@ flush ruleset
-table inet filter {
+table inet x {
 secmark ssh_server {
 "system_u:object_r:ssh_server_packet_t:s0"
 }
@@ -57,8 +57,8 @@ table inet filter {
 elements = { 22 : "ssh_client", 53 : "dns_client", 80 : "http_client", 123 : "ntp_client", 443 : "http_client", 9418 : "git_client" }
 }
- chain input {
- type filter hook input priority 0;
+ chain y {
+ type filter hook input priority -225;
 # label new incoming packets and add to connection
 ct state new meta secmark set tcp dport map @secmapping_in
@@ -71,8 +71,8 @@ table inet filter {
 ct state established,related meta secmark set ct secmark
 }
- chain output {
- type filter hook output priority 0;
+ chain z {
+ type filter hook output priority 225;
 # label new outgoing packets and add to connection
 ct state new meta secmark set tcp dport map @secmapping_out
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
deleted file mode 100644
index fc8b94ea..00000000
--- a/files/nftables/Makefile.am
+++ /dev/null
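Review bot: The three secmark.nft hunks (@@ -10, @@ -57 and @@ -71) rename `table inet filter` to `table inet x` and the `input`/`output` chains to `y`/`z`, and change both hook priorities from 0 to -225 and 225, none of which relates to the Makefile.am removals that make up the rest of the commit; this reads like a local editing leftover rather than an intended change to a shipped example. If it is unintended, those hunks should be dropped so the example keeps its descriptive table and chain names. If the new priorities are intended, each `priority` line needs a comment saying which other base chains on the same hook the secmark chains must run before or after, e.g. `type filter hook input priority -225; # <reason this chain must precede other input-hook chains>`, because priority alone decides when packets get labelled relative to any other ruleset on the host and a reader cannot derive -225/225 from the example. The `@@ -10,7 +10,7 @@ flush ruleset` text may be a collapsed context line rather than a hunk annotation, so the exact shape of that hunk is uncertain from this page. Since the diffstat is limited to 'files', the replacement for the deleted `dist_pkgdoc_SCRIPTS` and `dist_pkgsysconf_DATA` lists is presumably in a Makefile.am outside this view.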
@@ -1,15 +0,0 @@
-pkgsysconfdir = ${sysconfdir}/nftables
-dist_pkgsysconf_DATA = all-in-one.nft \
- arp-filter.nft \
- bridge-filter.nft \
- inet-filter.nft \
- inet-nat.nft \
- ipv4-filter.nft \
- ipv4-mangle.nft \
- ipv4-nat.nft \
- ipv4-raw.nft \
- ipv6-filter.nft \
- ipv6-mangle.nft \
- ipv6-nat.nft \
- ipv6-raw.nft \
- netdev-ingress.nft
diff --git a/files/osf/Makefile.am b/files/osf/Makefile.am
deleted file mode 100644
index d80196dd..00000000
--- a/files/osf/Makefile.am
+++ /dev/null
@@ -1,2 +0,0 @@
-pkgsysconfdir = ${sysconfdir}/nftables/osf
-dist_pkgsysconf_DATA = pf.os