summaryrefslogtreecommitdiffstats
path: root/files
Commit message (Collapse)AuthorAgeFilesLines
* files: provide 'raw' table equivalentFlorian Westphal2017-03-153-1/+15
| | | | | | | | | | useful for the 'ct zone set' statement, it has to be done before the conntrack lookup but preferrably after the defragmention hook. In iptables, the functionality resides in the CT target which is restricted to the raw table. This provides the skeleton for nft. Signed-off-by: Florian Westphal <fw@strlen.de>
* examples: use current type namesFlorian Westphal2016-02-251-5/+5
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* build: add autotools support for the 'files' subdirGiorgio Dal Molin2014-11-1211-13/+22
| | | | | | | | Added support to install some 'nft' scripts under '${sysconfdir}/nftables', typically '/etc/nftables'. Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: add inet filter table definitionPatrick McHardy2014-02-051-0/+7
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use ':' instead of '=>' in dictionariesPablo Neira Ayuso2014-01-161-4/+4
| | | | | | | | | | | | | Replace => by : to make it easier for most shell users, as > implies a redirection, let's avoid possible confusion that may result if you forget to escape it. This works fine if you don't forget to add space between the key and the value. If you forget to add the space, depending on the case, the scanner may recognize it correctly or process it as a string. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* files: replace interpreter during installationArturo Borrero Gonzalez2014-01-131-0/+1
| | | | | | | | | | | | | | | | | | | | | Many systems (for example Debian) don't recognice `#!nft -f' as a valid interpreter. A short way to handle this is to provide the full path to the interpreter in the shebang. That is what this patch does: update the shebang's path during installation. For example, if you are installing under /usr/local, the shebang becomes: #!/usr/local/sbin/nft -f If using --prefix=/, then: #!/sbin/nft -f NOTE: If the shebang in source files are changed in a future, this sed script should be updated as well. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* nftables: drop hard coded install using root user owner and groupKevin Fenzi2014-01-131-1/+1
| | | | | | | | Packaging systems build as a non priv user, so can't install as root. Users installing from source can 'sudo make install' or run 'make install' as root Signed-off-by: Kevin Fenzi <kevin@scrye.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* examples: adjust new chain type syntax in sets_and_maps filePhil Oester2013-11-301-1/+1
| | | | | | | This example file has not been updated with new syntax. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Update chain creation format.Eric Leblond2013-09-177-19/+23
| | | | | | | | | | | type keyword is now mandatory when creating a new chain. This patc halso implement the change required following the usage of human notation in hook. It also suppressed non currently supported mangle chains. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Suppress non working examples.Eric Leblond2013-09-174-26/+0
| | | | | Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add bridge filter table definitionsPatrick McHardy2010-07-061-0/+7
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* add support for new set API and standalone setsPatrick McHardy2009-07-281-0/+53
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* templates: add IPv6 raw table templatePatrick McHardy2009-03-181-0/+6
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Initial commitv0.01-alpha1Patrick McHardy2009-03-188-0/+56