authorFlorian Westphal <fw@strlen.de>2018-05-06 21:44:56 +0200
committerFlorian Westphal <fw@strlen.de>2018-05-08 14:14:09 +0200
commit13535a3b40b625f0a98e87a1324715cc6491d738 (patch)
tree66b865df0d4249d7d52a1e89c7930bcec66e3f2f
parent3f82ef3d0dbf2788fd24ecb20299f99c190ea7ec (diff)
files: restore base table skeletons
nftables releases until 0.8.2 included base skeleton hooks that were installed into /etc/nftables (sysconfdir). With 0.8.3 and newer these files were moved to the documentation area but apparently some users expect them to be there. Resurrect them. Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--Makefile.am1
-rw-r--r--configure.ac2
-rw-r--r--files/Makefile.am1
-rw-r--r--files/nftables/Makefile.am16
-rwxr-xr-xfiles/nftables/all-in-one.nft (renamed from files/examples/families_and_hooks.nft)8
-rwxr-xr-xfiles/nftables/arp-filter.nft (renamed from files/examples/arp-filter.nft)2
-rwxr-xr-xfiles/nftables/bridge-filter.nft (renamed from files/examples/bridge-filter.nft)2
-rwxr-xr-xfiles/nftables/inet-filter.nft (renamed from files/examples/inet-filter.nft)2
-rwxr-xr-xfiles/nftables/ipv4-filter.nft (renamed from files/examples/ipv4-filter.nft)2
-rwxr-xr-xfiles/nftables/ipv4-mangle.nft (renamed from files/examples/ipv4-mangle.nft)2
-rwxr-xr-xfiles/nftables/ipv4-nat.nft (renamed from files/examples/ipv4-nat.nft)2
-rwxr-xr-xfiles/nftables/ipv4-raw.nft (renamed from files/examples/ipv4-raw.nft)2
-rwxr-xr-xfiles/nftables/ipv6-filter.nft (renamed from files/examples/ipv6-filter.nft)2
-rwxr-xr-xfiles/nftables/ipv6-mangle.nft (renamed from files/examples/ipv6-mangle.nft)2
-rwxr-xr-xfiles/nftables/ipv6-nat.nft (renamed from files/examples/ipv6-nat.nft)2
-rwxr-xr-xfiles/nftables/ipv6-raw.nft (renamed from files/examples/ipv6-raw.nft)2
16 files changed, 37 insertions, 13 deletions
diff --git a/Makefile.am b/Makefile.am
index 1201ca78..09664c3e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,6 +2,7 @@ ACLOCAL_AMFLAGS = -I m4
SUBDIRS = src \
include \
+ files \
doc
EXTRA_DIST = tests \
diff --git a/configure.ac b/configure.ac
index 24965779..d7522569 100644
--- a/configure.ac
+++ b/configure.ac
@@ -119,6 +119,8 @@ AC_CONFIG_FILES([ \
include/linux/netfilter_bridge/Makefile \
include/linux/netfilter_ipv4/Makefile \
include/linux/netfilter_ipv6/Makefile \
+ files/Makefile \
+ files/nftables/Makefile \
doc/Makefile \
])
AC_OUTPUT
diff --git a/files/Makefile.am b/files/Makefile.am
new file mode 100644
index 00000000..a8394c06
--- /dev/null
+++ b/files/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = nftables
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
new file mode 100644
index 00000000..43e30281
--- /dev/null
+++ b/files/nftables/Makefile.am
@@ -0,0 +1,16 @@
+pkgsysconfdir = ${sysconfdir}/nftables
+dist_pkgsysconf_DATA = all-in-one.nft \
+ arp-filter.nft \
+ bridge-filter.nft \
+ inet-filter.nft \
+ ipv4-filter.nft \
+ ipv4-mangle.nft \
+ ipv4-nat.nft \
+ ipv4-raw.nft \
+ ipv6-filter.nft \
+ ipv6-mangle.nft \
+ ipv6-nat.nft \
+ ipv6-raw.nft
+
+install-data-hook:
+ ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*
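Review bot: The glob in `install-data-hook` (`${DESTDIR}${pkgsysconfdir}/*`) makes `sed -i` rewrite every file in the target directory, not only the twelve skeletons listed in `dist_pkgsysconf_DATA`. On a host that already has an `/etc/nftables` with administrator-maintained rule files, those get rewritten in place as well, and GNU `sed -i` replaces a symlink with a regular file unless told otherwise. Restricting the hook to the installed names avoids that: `for f in ${dist_pkgsysconf_DATA}; do ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/$$f; done`. Separately, a `_DATA` primary normally installs files non-executable, so the substituted `#!` line probably only matters once an administrator marks a file executable; a comment above the hook saying so would help.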
diff --git a/files/examples/families_and_hooks.nft b/files/nftables/all-in-one.nft
index e6d9ee23..4ccc0432 100755
--- a/files/examples/families_and_hooks.nft
+++ b/files/nftables/all-in-one.nft
@@ -1,10 +1,14 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
# Here is an example of different families, hooks and priorities in the
# nftables framework, all mixed together.
-# This script is mean to be loaded with `nft -f <file>`
+#
+# more examples are located in files/examples in nftables source.
# For up-to-date information please visit https://wiki.nftables.org
+#
+# This script is mean to be loaded with `nft -f <file>`
+# clear all prior state
flush ruleset
# native dual stack IPv4 & IPv6 family
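Review bot: The added comment `# clear all prior state` above `flush ruleset` understates the effect now that this file is installed into sysconfdir, where it is more likely to be loaded on a live host. The statement drops every table of every family, including rules put in place by other tools, before the skeleton is applied. I would say so in the header, for example `# WARNING: 'flush ruleset' removes ALL existing tables and chains (every family), not only the ones defined below`. The re-added line `# This script is mean to be loaded with ...` also keeps the typo `mean` (should be `meant`). The rest of the file is outside this hunk, so whether the base chains set a policy cannot be checked here.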
diff --git a/files/examples/arp-filter.nft b/files/nftables/arp-filter.nft
index 13166bda..8a350b1e 100755
--- a/files/examples/arp-filter.nft
+++ b/files/nftables/arp-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table arp filter {
chain input { type filter hook input priority 0; }
diff --git a/files/examples/bridge-filter.nft b/files/nftables/bridge-filter.nft
index 7e3cad40..93efe864 100755
--- a/files/examples/bridge-filter.nft
+++ b/files/nftables/bridge-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table bridge filter {
chain input { type filter hook input priority -200; }
diff --git a/files/examples/inet-filter.nft b/files/nftables/inet-filter.nft
index e5c8c54f..7be447fd 100755
--- a/files/examples/inet-filter.nft
+++ b/files/nftables/inet-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table inet filter {
chain input { type filter hook input priority 0; }
diff --git a/files/examples/ipv4-filter.nft b/files/nftables/ipv4-filter.nft
index 73b11bc9..51c060f6 100755
--- a/files/examples/ipv4-filter.nft
+++ b/files/nftables/ipv4-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table filter {
chain input { type filter hook input priority 0; }
diff --git a/files/examples/ipv4-mangle.nft b/files/nftables/ipv4-mangle.nft
index 2827ddfa..dba8888c 100755
--- a/files/examples/ipv4-mangle.nft
+++ b/files/nftables/ipv4-mangle.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table mangle {
chain output { type route hook output priority -150; }
diff --git a/files/examples/ipv4-nat.nft b/files/nftables/ipv4-nat.nft
index fd3bb40c..6754e5ee 100755
--- a/files/examples/ipv4-nat.nft
+++ b/files/nftables/ipv4-nat.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table nat {
chain prerouting { type nat hook prerouting priority -100; }
diff --git a/files/examples/ipv4-raw.nft b/files/nftables/ipv4-raw.nft
index 91fc138b..c3fed191 100755
--- a/files/examples/ipv4-raw.nft
+++ b/files/nftables/ipv4-raw.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table raw {
chain prerouting { type filter hook prerouting priority -300; }
diff --git a/files/examples/ipv6-filter.nft b/files/nftables/ipv6-filter.nft
index 21f06a38..266bed36 100755
--- a/files/examples/ipv6-filter.nft
+++ b/files/nftables/ipv6-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table ip6 filter {
chain input { type filter hook input priority 0; }
diff --git a/files/examples/ipv6-mangle.nft b/files/nftables/ipv6-mangle.nft
index e92dbef6..6b3e20dc 100755
--- a/files/examples/ipv6-mangle.nft
+++ b/files/nftables/ipv6-mangle.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table ip6 mangle {
chain output { type route hook output priority -150; }
diff --git a/files/examples/ipv6-nat.nft b/files/nftables/ipv6-nat.nft
index 7437c193..ce0391df 100755
--- a/files/examples/ipv6-nat.nft
+++ b/files/nftables/ipv6-nat.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table ip6 nat {
chain prerouting { type nat hook prerouting priority -100; }
diff --git a/files/examples/ipv6-raw.nft b/files/nftables/ipv6-raw.nft
index 812703aa..504fb3e5 100755
--- a/files/examples/ipv6-raw.nft
+++ b/files/nftables/ipv6-raw.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
table ip6 raw {
chain prerouting { type filter hook prerouting priority -300; }