From 13535a3b40b625f0a98e87a1324715cc6491d738 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Sun, 6 May 2018 21:44:56 +0200 Subject: files: restore base table skeletons nftables releases until 0.8.2 included base skeleton hooks that were installed into /etc/nftables (sysconfdir). With 0.8.3 and newer these files were moved to the documentation area but apparently some users expect them to be there. Resurrect them. Signed-off-by: Florian Westphal
---
files/nftables/all-in-one.nft | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100755 files/nftables/all-in-one.nft (limited to 'files/nftables/all-in-one.nft')
diff --git a/files/nftables/all-in-one.nft b/files/nftables/all-in-one.nft
new file mode 100755
index 00000000..4ccc0432
--- /dev/null
+++ b/files/nftables/all-in-one.nft
@@ -0,0 +1,36 @@
+#!@sbindir@nft -f
+
+# Here is an example of different families, hooks and priorities in the
+# nftables framework, all mixed together.
+#
+# more examples are located in files/examples in nftables source.
+# For up-to-date information please visit https://wiki.nftables.org
+#
+# This script is mean to be loaded with `nft -f `
+
+# clear all prior state
+flush ruleset
+
+# native dual stack IPv4 & IPv6 family
+include "./inet-filter.nft"
+
+# netdev family at ingress hook. Attached to a given NIC
+include "./netdev-ingress.nft"
+
+# IPv4 family, typical iptables tables/chains layout
+include "./ipv4-filter.nft"
+include "./ipv4-mangle.nft"
+include "./ipv4-nat.nft"
+include "./ipv4-raw.nft"
+
+# IPv6 family, typical ip6tables tables/chains layout
+include "./ipv6-filter.nft"
+include "./ipv6-mangle.nft"
+include "./ipv6-nat.nft"
+include "./ipv6-raw.nft"
+
+# ARP family, typical arptables tables/chain layout
+include "./arp-filter.nft"
+
+# bridge family, typical ebtables tables/chain layout
+include "./bridge-filter.nft"
-- cgit v1.2.3
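Review bot: Every `include "./…"` line in the new file resolves against the working directory of the nft process, not the directory that holds all-in-one.nft. Once installed under sysconfdir and run through its shebang from elsewhere, the script either fails to load or reads same-named files from wherever the caller happens to be, with the privileges nft runs with. State the requirement in the header, e.g. `# must be run from the directory that contains the included *.nft files`, or have the install step rewrite the includes to absolute paths or rely on nft's `-I` include path. `flush ruleset` comes first and removes every table on the host, not only the skeleton ones, so the comment above it should say so: `# WARNING: removes all existing tables, including rules installed by other tools`. The shebang `#!@sbindir@nft -f` only works if an install step replaces `@sbindir@` with a path ending in a slash; no such step is in this hunk, so confirm it exists.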