diff options
author | Florian Westphal <fw@strlen.de> | 2018-05-06 21:44:56 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-05-08 14:14:09 +0200 |
commit | 13535a3b40b625f0a98e87a1324715cc6491d738 (patch) | |
tree | 66b865df0d4249d7d52a1e89c7930bcec66e3f2f /files/examples | |
parent | 3f82ef3d0dbf2788fd24ecb20299f99c190ea7ec (diff) |
files: restore base table skeletons
nftables releases until 0.8.2 included base skeleton hooks
that were installed into /etc/nftables (sysconfdir).
With 0.8.3 and newer these files were moved to the documentation
area but apparently some users expect them to be there.
Resurrect them.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'files/examples')
-rwxr-xr-x | files/examples/arp-filter.nft | 6 | ||||
-rwxr-xr-x | files/examples/bridge-filter.nft | 7 | ||||
-rwxr-xr-x | files/examples/families_and_hooks.nft | 32 | ||||
-rwxr-xr-x | files/examples/inet-filter.nft | 7 | ||||
-rwxr-xr-x | files/examples/ipv4-filter.nft | 7 | ||||
-rwxr-xr-x | files/examples/ipv4-mangle.nft | 5 | ||||
-rwxr-xr-x | files/examples/ipv4-nat.nft | 8 | ||||
-rwxr-xr-x | files/examples/ipv4-raw.nft | 6 | ||||
-rwxr-xr-x | files/examples/ipv6-filter.nft | 7 | ||||
-rwxr-xr-x | files/examples/ipv6-mangle.nft | 5 | ||||
-rwxr-xr-x | files/examples/ipv6-nat.nft | 8 | ||||
-rwxr-xr-x | files/examples/ipv6-raw.nft | 6 |
12 files changed, 0 insertions, 104 deletions
diff --git a/files/examples/arp-filter.nft b/files/examples/arp-filter.nft deleted file mode 100755 index 13166bda..00000000 --- a/files/examples/arp-filter.nft +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/sbin/nft -f - -table arp filter { - chain input { type filter hook input priority 0; } - chain output { type filter hook output priority 0; } -} diff --git a/files/examples/bridge-filter.nft b/files/examples/bridge-filter.nft deleted file mode 100755 index 7e3cad40..00000000 --- a/files/examples/bridge-filter.nft +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/sbin/nft -f - -table bridge filter { - chain input { type filter hook input priority -200; } - chain forward { type filter hook forward priority -200; } - chain output { type filter hook output priority 200; } -} diff --git a/files/examples/families_and_hooks.nft b/files/examples/families_and_hooks.nft deleted file mode 100755 index e6d9ee23..00000000 --- a/files/examples/families_and_hooks.nft +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/sbin/nft -f - -# Here is an example of different families, hooks and priorities in the -# nftables framework, all mixed together. -# This script is mean to be loaded with `nft -f <file>` -# For up-to-date information please visit https://wiki.nftables.org - -flush ruleset - -# native dual stack IPv4 & IPv6 family -include "./inet-filter.nft" - -# netdev family at ingress hook. Attached to a given NIC -include "./netdev-ingress.nft" - -# IPv4 family, typical iptables tables/chains layout -include "./ipv4-filter.nft" -include "./ipv4-mangle.nft" -include "./ipv4-nat.nft" -include "./ipv4-raw.nft" - -# IPv6 family, typical ip6tables tables/chains layout -include "./ipv6-filter.nft" -include "./ipv6-mangle.nft" -include "./ipv6-nat.nft" -include "./ipv6-raw.nft" - -# ARP family, typical arptables tables/chain layout -include "./arp-filter.nft" - -# bridge family, typical ebtables tables/chain layout -include "./bridge-filter.nft" diff --git a/files/examples/inet-filter.nft b/files/examples/inet-filter.nft deleted file mode 100755 index e5c8c54f..00000000 --- a/files/examples/inet-filter.nft +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/sbin/nft -f - -table inet filter { - chain input { type filter hook input priority 0; } - chain forward { type filter hook forward priority 0; } - chain output { type filter hook output priority 0; } -} diff --git a/files/examples/ipv4-filter.nft b/files/examples/ipv4-filter.nft deleted file mode 100755 index 73b11bc9..00000000 --- a/files/examples/ipv4-filter.nft +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/sbin/nft -f - -table filter { - chain input { type filter hook input priority 0; } - chain forward { type filter hook forward priority 0; } - chain output { type filter hook output priority 0; } -} diff --git a/files/examples/ipv4-mangle.nft b/files/examples/ipv4-mangle.nft deleted file mode 100755 index 2827ddfa..00000000 --- a/files/examples/ipv4-mangle.nft +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/sbin/nft -f - -table mangle { - chain output { type route hook output priority -150; } -} diff --git a/files/examples/ipv4-nat.nft b/files/examples/ipv4-nat.nft deleted file mode 100755 index fd3bb40c..00000000 --- a/files/examples/ipv4-nat.nft +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/sbin/nft -f - -table nat { - chain prerouting { type nat hook prerouting priority -100; } - chain input { type nat hook input priority 100; } - chain output { type nat hook output priority -100; } - chain postrouting { type nat hook postrouting priority 100; } -} diff --git a/files/examples/ipv4-raw.nft b/files/examples/ipv4-raw.nft deleted file mode 100755 index 91fc138b..00000000 --- a/files/examples/ipv4-raw.nft +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/sbin/nft -f - -table raw { - chain prerouting { type filter hook prerouting priority -300; } - chain output { type filter hook output priority -300; } -} diff --git a/files/examples/ipv6-filter.nft b/files/examples/ipv6-filter.nft deleted file mode 100755 index 21f06a38..00000000 --- a/files/examples/ipv6-filter.nft +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/sbin/nft -f - -table ip6 filter { - chain input { type filter hook input priority 0; } - chain forward { type filter hook forward priority 0; } - chain output { type filter hook output priority 0; } -} diff --git a/files/examples/ipv6-mangle.nft b/files/examples/ipv6-mangle.nft deleted file mode 100755 index e92dbef6..00000000 --- a/files/examples/ipv6-mangle.nft +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/sbin/nft -f - -table ip6 mangle { - chain output { type route hook output priority -150; } -} diff --git a/files/examples/ipv6-nat.nft b/files/examples/ipv6-nat.nft deleted file mode 100755 index 7437c193..00000000 --- a/files/examples/ipv6-nat.nft +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/sbin/nft -f - -table ip6 nat { - chain prerouting { type nat hook prerouting priority -100; } - chain input { type nat hook input priority 100; } - chain output { type nat hook output priority -100; } - chain postrouting { type nat hook postrouting priority 100; } -} diff --git a/files/examples/ipv6-raw.nft b/files/examples/ipv6-raw.nft deleted file mode 100755 index 812703aa..00000000 --- a/files/examples/ipv6-raw.nft +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/sbin/nft -f - -table ip6 raw { - chain prerouting { type filter hook prerouting priority -300; } - chain output { type filter hook output priority -300; } -} |