summaryrefslogtreecommitdiffstats
path: root/files/nftables
Commit message (Collapse)AuthorAgeFilesLines
* files: restore base table skeletonsFlorian Westphal2018-05-0813-0/+124
| | | | | | | | | | | | nftables releases until 0.8.2 included base skeleton hooks that were installed into /etc/nftables (sysconfdir). With 0.8.3 and newer these files were moved to the documentation area but apparently some users expect them to be there. Resurrect them. Signed-off-by: Florian Westphal <fw@strlen.de>
* nftables: rearrange files and examplesArturo Borrero Gonzalez2018-02-2512-88/+0
| | | | | | | | | | | | | | Concatenate all family/hook examples into a single one by means of includes. Put all example files under examples/. Use the '.nft' prefix and mark them as executable files. Use a static shebang declaration, since these are examples meant for final systems and users. While at it, refresh also the sets_and_maps.nft example file and also add the 'netdev-ingress.nft' example file. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: add arp filter and add in/output to nat skeletonFlorian Westphal2017-08-234-5/+16
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: provide 'raw' table equivalentFlorian Westphal2017-03-153-1/+15
| | | | | | | | | | useful for the 'ct zone set' statement, it has to be done before the conntrack lookup but preferrably after the defragmention hook. In iptables, the functionality resides in the CT target which is restricted to the raw table. This provides the skeleton for nft. Signed-off-by: Florian Westphal <fw@strlen.de>
* build: add autotools support for the 'files' subdirGiorgio Dal Molin2014-11-129-8/+21
| | | | | | | | Added support to install some 'nft' scripts under '${sysconfdir}/nftables', typically '/etc/nftables'. Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: add inet filter table definitionPatrick McHardy2014-02-051-0/+7
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Update chain creation format.Eric Leblond2013-09-177-19/+23
| | | | | | | | | | | type keyword is now mandatory when creating a new chain. This patc halso implement the change required following the usage of human notation in hook. It also suppressed non currently supported mangle chains. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Suppress non working examples.Eric Leblond2013-09-174-26/+0
| | | | | Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add bridge filter table definitionsPatrick McHardy2010-07-061-0/+7
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* templates: add IPv6 raw table templatePatrick McHardy2009-03-181-0/+6
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Initial commitv0.01-alpha1Patrick McHardy2009-03-187-0/+52