From 82fe8e1ffd006d0f0fd3cdd2df5ca2514de10db9 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 6 Nov 2019 21:59:07 +0100 Subject: files: Drop shebangs from config files These are not meant to be executed as is but instead loaded via 'nft -f' - all-in-one.nft even points this out in header comment. While being at it, drop two spelling mistakes found along the way. Consequently remove executable bits - being registered in automake as dist_pkgsysconf_DATA, they're changed to 644 upon installation anyway. Also there is obviously no need for replacement of nft binary path anymore, drop that bit from Makefile.am. Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- files/nftables/Makefile.am | 3 --- files/nftables/all-in-one.nft | 4 +--- files/nftables/arp-filter.nft | 2 -- files/nftables/bridge-filter.nft | 2 -- files/nftables/inet-filter.nft | 2 -- files/nftables/inet-nat.nft | 2 -- files/nftables/ipv4-filter.nft | 2 -- files/nftables/ipv4-mangle.nft | 2 -- files/nftables/ipv4-nat.nft | 2 -- files/nftables/ipv4-raw.nft | 2 -- files/nftables/ipv6-filter.nft | 2 -- files/nftables/ipv6-mangle.nft | 2 -- files/nftables/ipv6-nat.nft | 2 -- files/nftables/ipv6-raw.nft | 2 -- files/nftables/netdev-ingress.nft | 4 +--- 15 files changed, 2 insertions(+), 33 deletions(-) mode change 100755 => 100644 files/nftables/all-in-one.nft mode change 100755 => 100644 files/nftables/arp-filter.nft mode change 100755 => 100644 files/nftables/bridge-filter.nft mode change 100755 => 100644 files/nftables/inet-filter.nft mode change 100755 => 100644 files/nftables/inet-nat.nft mode change 100755 => 100644 files/nftables/ipv4-filter.nft mode change 100755 => 100644 files/nftables/ipv4-mangle.nft mode change 100755 => 100644 files/nftables/ipv4-nat.nft mode change 100755 => 100644 files/nftables/ipv4-raw.nft mode change 100755 => 100644 files/nftables/ipv6-filter.nft mode change 100755 => 100644 files/nftables/ipv6-mangle.nft mode change 100755 => 100644 files/nftables/ipv6-nat.nft mode change 100755 => 100644 files/nftables/ipv6-raw.nft mode change 100755 => 100644 files/nftables/netdev-ingress.nft (limited to 'files/nftables') diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am index 2a511cd1..fc8b94ea 100644 --- a/files/nftables/Makefile.am +++ b/files/nftables/Makefile.am @@ -13,6 +13,3 @@ dist_pkgsysconf_DATA = all-in-one.nft \ ipv6-nat.nft \ ipv6-raw.nft \ netdev-ingress.nft - -install-data-hook: - ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*.nft diff --git a/files/nftables/all-in-one.nft b/files/nftables/all-in-one.nft old mode 100755 new mode 100644 index d3aa7f37..15ac22e2 --- a/files/nftables/all-in-one.nft +++ b/files/nftables/all-in-one.nft @@ -1,12 +1,10 @@ -#!@sbindir@nft -f - # Here is an example of different families, hooks and priorities in the # nftables framework, all mixed together. # # more examples are located in files/examples in nftables source. # For up-to-date information please visit https://wiki.nftables.org # -# This script is mean to be loaded with `nft -f ` +# This script is meant to be loaded with `nft -f ` # clear all prior state flush ruleset diff --git a/files/nftables/arp-filter.nft b/files/nftables/arp-filter.nft old mode 100755 new mode 100644 index 8a350b1e..6e4c6248 --- a/files/nftables/arp-filter.nft +++ b/files/nftables/arp-filter.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table arp filter { chain input { type filter hook input priority 0; } chain output { type filter hook output priority 0; } diff --git a/files/nftables/bridge-filter.nft b/files/nftables/bridge-filter.nft old mode 100755 new mode 100644 index 93efe864..f071205e --- a/files/nftables/bridge-filter.nft +++ b/files/nftables/bridge-filter.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table bridge filter { chain input { type filter hook input priority -200; } chain forward { type filter hook forward priority -200; } diff --git a/files/nftables/inet-filter.nft b/files/nftables/inet-filter.nft old mode 100755 new mode 100644 index 7be447fd..bfe43b4f --- a/files/nftables/inet-filter.nft +++ b/files/nftables/inet-filter.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table inet filter { chain input { type filter hook input priority 0; } chain forward { type filter hook forward priority 0; } diff --git a/files/nftables/inet-nat.nft b/files/nftables/inet-nat.nft old mode 100755 new mode 100644 index 52fcdb54..babd7f00 --- a/files/nftables/inet-nat.nft +++ b/files/nftables/inet-nat.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table inet nat { chain prerouting { type nat hook prerouting priority -100; } chain input { type nat hook input priority 100; } diff --git a/files/nftables/ipv4-filter.nft b/files/nftables/ipv4-filter.nft old mode 100755 new mode 100644 index 51c060f6..ab62024f --- a/files/nftables/ipv4-filter.nft +++ b/files/nftables/ipv4-filter.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table filter { chain input { type filter hook input priority 0; } chain forward { type filter hook forward priority 0; } diff --git a/files/nftables/ipv4-mangle.nft b/files/nftables/ipv4-mangle.nft old mode 100755 new mode 100644 index dba8888c..07da5bd9 --- a/files/nftables/ipv4-mangle.nft +++ b/files/nftables/ipv4-mangle.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table mangle { chain output { type route hook output priority -150; } } diff --git a/files/nftables/ipv4-nat.nft b/files/nftables/ipv4-nat.nft old mode 100755 new mode 100644 index 6754e5ee..2c9ce7c5 --- a/files/nftables/ipv4-nat.nft +++ b/files/nftables/ipv4-nat.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table nat { chain prerouting { type nat hook prerouting priority -100; } chain input { type nat hook input priority 100; } diff --git a/files/nftables/ipv4-raw.nft b/files/nftables/ipv4-raw.nft old mode 100755 new mode 100644 index c3fed191..2318e875 --- a/files/nftables/ipv4-raw.nft +++ b/files/nftables/ipv4-raw.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table raw { chain prerouting { type filter hook prerouting priority -300; } chain output { type filter hook output priority -300; } diff --git a/files/nftables/ipv6-filter.nft b/files/nftables/ipv6-filter.nft old mode 100755 new mode 100644 index 266bed36..383d075d --- a/files/nftables/ipv6-filter.nft +++ b/files/nftables/ipv6-filter.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table ip6 filter { chain input { type filter hook input priority 0; } chain forward { type filter hook forward priority 0; } diff --git a/files/nftables/ipv6-mangle.nft b/files/nftables/ipv6-mangle.nft old mode 100755 new mode 100644 index 6b3e20dc..88c51e52 --- a/files/nftables/ipv6-mangle.nft +++ b/files/nftables/ipv6-mangle.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table ip6 mangle { chain output { type route hook output priority -150; } } diff --git a/files/nftables/ipv6-nat.nft b/files/nftables/ipv6-nat.nft old mode 100755 new mode 100644 index ce0391df..6a356f1e --- a/files/nftables/ipv6-nat.nft +++ b/files/nftables/ipv6-nat.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table ip6 nat { chain prerouting { type nat hook prerouting priority -100; } chain input { type nat hook input priority 100; } diff --git a/files/nftables/ipv6-raw.nft b/files/nftables/ipv6-raw.nft old mode 100755 new mode 100644 index 504fb3e5..f92668be --- a/files/nftables/ipv6-raw.nft +++ b/files/nftables/ipv6-raw.nft @@ -1,5 +1,3 @@ -#!@sbindir@nft -f - table ip6 raw { chain prerouting { type filter hook prerouting priority -300; } chain output { type filter hook output priority -300; } diff --git a/files/nftables/netdev-ingress.nft b/files/nftables/netdev-ingress.nft old mode 100755 new mode 100644 index 9e46b15a..3ed881af --- a/files/nftables/netdev-ingress.nft +++ b/files/nftables/netdev-ingress.nft @@ -1,6 +1,4 @@ -#!@sbindir@nft -f - -# mind the NIC, it must exists +# mind the NIC, it must exist table netdev filter { chain loinput { type filter hook ingress device lo priority 0; } } -- cgit v1.2.3