summaryrefslogtreecommitdiffstats
path: root/files/nftables
Commit message (Collapse)AuthorAgeFilesLines
* build: no recursive make for "files/**/Makefile.am"Thomas Haller2023-11-021-14/+0
| | | | | | | | Merge the Makefile.am under "files/" into the toplevel Makefile.am. This is a step in the effort of dropping recursive make. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* files: move example files away from /etcJan Engelhardt2021-04-031-2/+1
| | | | | | | | | | | | | As per file-hierarchy(5), /etc is for "system-specific configuration", not "vendor-supplied default configuration files". Moreover, the comments in all-in-one.nft say it is an example, and so, not a vendor config either. Move it out of /etc. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: Drop shebangs from config filesPhil Sutter2019-11-1915-33/+2
| | | | | | | | | | | | | | | These are not meant to be executed as is but instead loaded via 'nft -f' - all-in-one.nft even points this out in header comment. While being at it, drop two spelling mistakes found along the way. Consequently remove executable bits - being registered in automake as dist_pkgsysconf_DATA, they're changed to 644 upon installation anyway. Also there is obviously no need for replacement of nft binary path anymore, drop that bit from Makefile.am. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: Add inet family nat configPhil Sutter2019-07-043-0/+10
| | | | | Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: Move netdev-ingress.nft to /etc/nftables as wellPhil Sutter2019-07-032-1/+9
| | | | | | | | | | | | Commit 13535a3b40b62 ("files: restore base table skeletons") moved config skeletons back from examples/ to /etc/nftables/ directory, but ignored the fact that commit 6c9230e79339c ("nftables: rearrange files and examples") added a new file 'netdev-ingress.nft' which is referenced from 'all-in-one.nft' as well. Fixes: 13535a3b40b62 ("files: restore base table skeletons") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: osf: copy iptables/utils/pf.os into nftables treeFernando Fernandez Mancera2018-08-231-1/+1
| | | | | | | | As we are going to need pf.os file to load OS fingerprints from the incoming nfnl_osf.c, we copy it into the nftables tree directory "files/osf/". Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: restore base table skeletonsFlorian Westphal2018-05-0813-0/+124
| | | | | | | | | | | | nftables releases until 0.8.2 included base skeleton hooks that were installed into /etc/nftables (sysconfdir). With 0.8.3 and newer these files were moved to the documentation area but apparently some users expect them to be there. Resurrect them. Signed-off-by: Florian Westphal <fw@strlen.de>
* nftables: rearrange files and examplesArturo Borrero Gonzalez2018-02-2512-88/+0
| | | | | | | | | | | | | | Concatenate all family/hook examples into a single one by means of includes. Put all example files under examples/. Use the '.nft' prefix and mark them as executable files. Use a static shebang declaration, since these are examples meant for final systems and users. While at it, refresh also the sets_and_maps.nft example file and also add the 'netdev-ingress.nft' example file. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: add arp filter and add in/output to nat skeletonFlorian Westphal2017-08-234-5/+16
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: provide 'raw' table equivalentFlorian Westphal2017-03-153-1/+15
| | | | | | | | | | useful for the 'ct zone set' statement, it has to be done before the conntrack lookup but preferrably after the defragmention hook. In iptables, the functionality resides in the CT target which is restricted to the raw table. This provides the skeleton for nft. Signed-off-by: Florian Westphal <fw@strlen.de>
* build: add autotools support for the 'files' subdirGiorgio Dal Molin2014-11-129-8/+21
| | | | | | | | Added support to install some 'nft' scripts under '${sysconfdir}/nftables', typically '/etc/nftables'. Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: add inet filter table definitionPatrick McHardy2014-02-051-0/+7
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Update chain creation format.Eric Leblond2013-09-177-19/+23
| | | | | | | | | | | type keyword is now mandatory when creating a new chain. This patc halso implement the change required following the usage of human notation in hook. It also suppressed non currently supported mangle chains. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Suppress non working examples.Eric Leblond2013-09-174-26/+0
| | | | | Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add bridge filter table definitionsPatrick McHardy2010-07-061-0/+7
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* templates: add IPv6 raw table templatePatrick McHardy2009-03-181-0/+6
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Initial commitv0.01-alpha1Patrick McHardy2009-03-187-0/+52