files: Move netdev-ingress.nft to /etc/nftables as well

Commit 13535a3b40b62 ("files: restore base table skeletons") moved
config skeletons back from examples/ to /etc/nftables/ directory, but
ignored the fact that commit 6c9230e79339c ("nftables: rearrange files
and examples") added a new file 'netdev-ingress.nft' which is referenced
from 'all-in-one.nft' as well.

Fixes: 13535a3b40b62 ("files: restore base table skeletons")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 9 insertions, 1 deletions

diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
index f18156d8..a93b7978 100644
--- a/files/nftables/Makefile.am
+++ b/files/nftables/Makefile.am
@@ -10,7 +10,8 @@ dist_pkgsysconf_DATA =	all-in-one.nft		\
 			ipv6-filter.nft		\
 			ipv6-mangle.nft		\
 			ipv6-nat.nft		\
-			ipv6-raw.nft
+			ipv6-raw.nft		\
+			netdev-ingress.nft
 
 install-data-hook:
 	${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*.nft
diff --git a/files/nftables/netdev-ingress.nft b/files/nftables/netdev-ingress.nft
new file mode 100755
index 00000000..9e46b15a
--- /dev/null
+++ b/files/nftables/netdev-ingress.nft
@@ -0,0 +1,7 @@
+#!@sbindir@nft -f
+
+# mind the NIC, it must exists
+table netdev filter {
+        chain loinput { type filter hook ingress device lo priority 0; }
+}
+