Diffstat (limited to 'files')
-rw-r--r-- | files/Makefile.am | 1 | ||||
-rw-r--r-- | files/nftables/Makefile.am | 16 | ||||
-rwxr-xr-x | files/nftables/all-in-one.nft (renamed from files/examples/families_and_hooks.nft) | 8 | ||||
-rwxr-xr-x | files/nftables/arp-filter.nft (renamed from files/examples/arp-filter.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/bridge-filter.nft (renamed from files/examples/bridge-filter.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/inet-filter.nft (renamed from files/examples/inet-filter.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/ipv4-filter.nft (renamed from files/examples/ipv4-filter.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/ipv4-mangle.nft (renamed from files/examples/ipv4-mangle.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/ipv4-nat.nft (renamed from files/examples/ipv4-nat.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/ipv4-raw.nft (renamed from files/examples/ipv4-raw.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/ipv6-filter.nft (renamed from files/examples/ipv6-filter.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/ipv6-mangle.nft (renamed from files/examples/ipv6-mangle.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/ipv6-nat.nft (renamed from files/examples/ipv6-nat.nft) | 2 | ||||
-rwxr-xr-x | files/nftables/ipv6-raw.nft (renamed from files/examples/ipv6-raw.nft) | 2 |
14 files changed, 34 insertions, 13 deletions
diff --git a/files/Makefile.am b/files/Makefile.am
new file mode 100644
index 00000000..a8394c06
--- /dev/null
+++ b/files/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = nftables
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
new file mode 100644
index 00000000..43e30281
--- /dev/null
+++ b/files/nftables/Makefile.am
@@ -0,0 +1,16 @@
+pkgsysconfdir = ${sysconfdir}/nftables
+dist_pkgsysconf_DATA = all-in-one.nft \
+ arp-filter.nft \
+ bridge-filter.nft \
+ inet-filter.nft \
+ ipv4-filter.nft \
+ ipv4-mangle.nft \
+ ipv4-nat.nft \
+ ipv4-raw.nft \
+ ipv6-filter.nft \
+ ipv6-mangle.nft \
+ ipv6-nat.nft \
+ ipv6-raw.nft
+
+install-data-hook:
+ ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*
diff --git a/files/examples/families_and_hooks.nft b/files/nftables/all-in-one.nft
index e6d9ee23..4ccc0432 100755
--- a/files/examples/families_and_hooks.nft
+++ b/files/nftables/all-in-one.nft
@@ -1,10 +1,14 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 # Here is an example of different families, hooks and priorities in the
 # nftables framework, all mixed together.
-# This script is mean to be loaded with `nft -f <file>`
+#
+# more examples are located in files/examples in nftables source.
 # For up-to-date information please visit https://wiki.nftables.org
+#
+# This script is mean to be loaded with `nft -f <file>`
+# clear all prior state
 flush ruleset
 # native dual stack IPv4 & IPv6 family
diff --git a/files/examples/arp-filter.nft b/files/nftables/arp-filter.nft
index 13166bda..8a350b1e 100755
--- a/files/examples/arp-filter.nft
+++ b/files/nftables/arp-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table arp filter {
 chain input { type filter hook input priority 0; }
diff --git a/files/examples/bridge-filter.nft b/files/nftables/bridge-filter.nft
index 7e3cad40..93efe864 100755
--- a/files/examples/bridge-filter.nft
+++ b/files/nftables/bridge-filter.nft
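Review bot: The `${DESTDIR}${pkgsysconfdir}/*` glob in `install-data-hook` makes `sed -i` rewrite every file found in the target directory, not only the twelve listed in `dist_pkgsysconf_DATA`; on an install without a staging `DESTDIR` that would include any rule files an administrator already keeps in `${sysconfdir}/nftables`. Limiting the hook to the files this Makefile installs avoids touching anything else: `cd "${DESTDIR}${pkgsysconfdir}" && ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${dist_pkgsysconf_DATA}`. The replacement text also has to supply the `/` that the `#!@sbindir@nft` shebangs leave out, so the templates and this expression must change together; a short comment above the hook saying so would help. `sed -i` is not in POSIX sed, so generating the files at build time and installing the results would be the more portable route.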
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table bridge filter {
 chain input { type filter hook input priority -200; }
diff --git a/files/examples/inet-filter.nft b/files/nftables/inet-filter.nft
index e5c8c54f..7be447fd 100755
--- a/files/examples/inet-filter.nft
+++ b/files/nftables/inet-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table inet filter {
 chain input { type filter hook input priority 0; }
diff --git a/files/examples/ipv4-filter.nft b/files/nftables/ipv4-filter.nft
index 73b11bc9..51c060f6 100755
--- a/files/examples/ipv4-filter.nft
+++ b/files/nftables/ipv4-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table filter {
 chain input { type filter hook input priority 0; }
diff --git a/files/examples/ipv4-mangle.nft b/files/nftables/ipv4-mangle.nft
index 2827ddfa..dba8888c 100755
--- a/files/examples/ipv4-mangle.nft
+++ b/files/nftables/ipv4-mangle.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table mangle {
 chain output { type route hook output priority -150; }
diff --git a/files/examples/ipv4-nat.nft b/files/nftables/ipv4-nat.nft
index fd3bb40c..6754e5ee 100755
--- a/files/examples/ipv4-nat.nft
+++ b/files/nftables/ipv4-nat.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table nat {
 chain prerouting { type nat hook prerouting priority -100; }
diff --git a/files/examples/ipv4-raw.nft b/files/nftables/ipv4-raw.nft
index 91fc138b..c3fed191 100755
--- a/files/examples/ipv4-raw.nft
+++ b/files/nftables/ipv4-raw.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table raw {
 chain prerouting { type filter hook prerouting priority -300; }
diff --git a/files/examples/ipv6-filter.nft b/files/nftables/ipv6-filter.nft
index 21f06a38..266bed36 100755
--- a/files/examples/ipv6-filter.nft
+++ b/files/nftables/ipv6-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table ip6 filter {
 chain input { type filter hook input priority 0; }
diff --git a/files/examples/ipv6-mangle.nft b/files/nftables/ipv6-mangle.nft
index e92dbef6..6b3e20dc 100755
--- a/files/examples/ipv6-mangle.nft
+++ b/files/nftables/ipv6-mangle.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table ip6 mangle {
 chain output { type route hook output priority -150; }
diff --git a/files/examples/ipv6-nat.nft b/files/nftables/ipv6-nat.nft
index 7437c193..ce0391df 100755
--- a/files/examples/ipv6-nat.nft
+++ b/files/nftables/ipv6-nat.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table ip6 nat {
 chain prerouting { type nat hook prerouting priority -100; }
diff --git a/files/examples/ipv6-raw.nft b/files/nftables/ipv6-raw.nft
index 812703aa..504fb3e5 100755
--- a/files/examples/ipv6-raw.nft
+++ b/files/nftables/ipv6-raw.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table ip6 raw {
 chain prerouting { type filter hook prerouting priority -300; } |