Diffstat (limited to 'files')
-rw-r--r--files/Makefile.am3
-rw-r--r--files/examples/Makefile.am5
-rwxr-xr-xfiles/examples/secmark.nft10
-rw-r--r--files/nftables/Makefile.am15
-rw-r--r--files/osf/Makefile.am2
5 files changed, 5 insertions, 30 deletions
diff --git a/files/Makefile.am b/files/Makefile.am
deleted file mode 100644
index 7deec151..00000000
--- a/files/Makefile.am
+++ /dev/null
@@ -1,3 +0,0 @@
-SUBDIRS = nftables \
- examples \
- osf
diff --git a/files/examples/Makefile.am b/files/examples/Makefile.am
deleted file mode 100644
index b29e9f61..00000000
--- a/files/examples/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-pkgdocdir = ${docdir}/examples
-dist_pkgdoc_SCRIPTS = ct_helpers.nft \
- load_balancing.nft \
- secmark.nft \
- sets_and_maps.nft
diff --git a/files/examples/secmark.nft b/files/examples/secmark.nft
index 16f9a368..c923cebb 100755
--- a/files/examples/secmark.nft
+++ b/files/examples/secmark.nft
@@ -10,7 +10,7 @@
flush ruleset
-table inet filter {
+table inet x {
secmark ssh_server {
"system_u:object_r:ssh_server_packet_t:s0"
}
@@ -57,8 +57,8 @@ table inet filter {
elements = { 22 : "ssh_client", 53 : "dns_client", 80 : "http_client", 123 : "ntp_client", 443 : "http_client", 9418 : "git_client" }
}
- chain input {
- type filter hook input priority 0;
+ chain y {
+ type filter hook input priority -225;
# label new incoming packets and add to connection
ct state new meta secmark set tcp dport map @secmapping_in
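Review bot: The new hook priorities `-225` on chain `y` here and `225` on chain `z` in the next hunk are bare numbers with no comment, so a reader copying this example cannot tell why labelling must run at those points or how they order against their own filter chains at priority 0. The values appear to match the kernel's `NF_IP_PRI_SELINUX_FIRST` and `NF_IP_PRI_SELINUX_LAST`, but the page does not confirm that this is the intent. I would add a line above each `type` statement, such as `# -225: label before any priority-0 filter chain sees the packet` and `# 225: label after filter chains on output have run`. Because the chain names `y` and `z` no longer say which hook they attach to, that comment is also the only place the direction is spelled out. Both chain bodies continue outside their hunks, so the interaction with the later `ct secmark` rules is not visible from here.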
@@ -71,8 +71,8 @@ table inet filter {
ct state established,related meta secmark set ct secmark
}
- chain output {
- type filter hook output priority 0;
+ chain z {
+ type filter hook output priority 225;
# label new outgoing packets and add to connection
ct state new meta secmark set tcp dport map @secmapping_out
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
deleted file mode 100644
index fc8b94ea..00000000
--- a/files/nftables/Makefile.am
+++ /dev/null
@@ -1,15 +0,0 @@
-pkgsysconfdir = ${sysconfdir}/nftables
-dist_pkgsysconf_DATA = all-in-one.nft \
- arp-filter.nft \
- bridge-filter.nft \
- inet-filter.nft \
- inet-nat.nft \
- ipv4-filter.nft \
- ipv4-mangle.nft \
- ipv4-nat.nft \
- ipv4-raw.nft \
- ipv6-filter.nft \
- ipv6-mangle.nft \
- ipv6-nat.nft \
- ipv6-raw.nft \
- netdev-ingress.nft
diff --git a/files/osf/Makefile.am b/files/osf/Makefile.am
deleted file mode 100644
index d80196dd..00000000
--- a/files/osf/Makefile.am
+++ /dev/null
@@ -1,2 +0,0 @@
-pkgsysconfdir = ${sysconfdir}/nftables/osf
-dist_pkgsysconf_DATA = pf.os