From fac10ea799fe9b6158d74f66d6ad46536d38a545 Mon Sep 17 00:00:00 2001
From: Patrick McHardy
Date: Wed, 18 Mar 2009 04:55:00 +0100
Subject: Initial commit
---
files/nftables/ipv4-filter | 7 +++++++
files/nftables/ipv4-mangle | 9 +++++++++
files/nftables/ipv4-raw | 6 ++++++
files/nftables/ipv4-security | 7 +++++++
files/nftables/ipv6-filter | 7 +++++++
files/nftables/ipv6-mangle | 9 +++++++++
files/nftables/ipv6-security | 7 +++++++
7 files changed, 52 insertions(+)
create mode 100644 files/nftables/ipv4-filter
create mode 100644 files/nftables/ipv4-mangle
create mode 100644 files/nftables/ipv4-raw
create mode 100644 files/nftables/ipv4-security
create mode 100644 files/nftables/ipv6-filter
create mode 100644 files/nftables/ipv6-mangle
create mode 100644 files/nftables/ipv6-security
(limited to 'files/nftables')
diff --git a/files/nftables/ipv4-filter b/files/nftables/ipv4-filter
new file mode 100644
index 00000000..3f962143
--- /dev/null
+++ b/files/nftables/ipv4-filter
@@ -0,0 +1,7 @@
+#! nft -f
+
+table filter {
+ chain input { hook NF_INET_LOCAL_IN 0; }
+ chain forward { hook NF_INET_FORWARD 0; }
+ chain output { hook NF_INET_LOCAL_OUT 0; }
+}
diff --git a/files/nftables/ipv4-mangle b/files/nftables/ipv4-mangle
new file mode 100644
index 00000000..339cacea
--- /dev/null
+++ b/files/nftables/ipv4-mangle
@@ -0,0 +1,9 @@
+#! nft -f
+
+table mangle {
+ chain prerouting { hook NF_INET_PRE_ROUTING -150; }
+ chain input { hook NF_INET_LOCAL_IN -150; }
+ chain forward { hook NF_INET_FORWARD -150; }
+ chain output { hook NF_INET_LOCAL_OUT -150; }
+ chain postrouting { hook NF_INET_POST_ROUTING -150; }
+}
diff --git a/files/nftables/ipv4-raw b/files/nftables/ipv4-raw
new file mode 100644
index 00000000..6bc21815
--- /dev/null
+++ b/files/nftables/ipv4-raw
@@ -0,0 +1,6 @@
+#! nft -f
+
+table raw {
+ chain prerouting { hook NF_INET_PRE_ROUTING -300; }
+ chain output { hook NF_INET_LOCAL_OUT -300; }
+}
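Review bot: In files/nftables/ipv4-filter the input, forward and output chains are hooked with no rules in them, so a host that loads only this file presumably still accepts all traffic. A header comment should make that explicit, for example `# skeleton only: chains are empty and filter nothing until rules are added`. The same applies to files/nftables/ipv6-filter.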
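Review bot: The hook priorities in files/nftables/ipv4-mangle are bare numbers (`-150`), and the ordering they encode relative to the other tables is not documented in the file. The value matches the kernel's NF_IP_PRI_MANGLE, so a comment such as `# -150 = NF_IP_PRI_MANGLE: after conntrack (-200), before filter (0)` would let a reader check the order in which these chains see a packet. The same applies to `-300` in ipv4-raw, `50` in ipv4-security and the corresponding ip6 files.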
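Review bot: files/nftables/ipv4-raw has no IPv6 counterpart: the diffstat lists ipv6-filter, ipv6-mangle and ipv6-security but no ipv6-raw. Anything a deployment does at priority `-300`, ahead of connection tracking, would then have no equivalent hook point for IPv6 traffic when only these files are loaded. Whether the omission is intentional is not visible from the commit; either add a matching file starting with `table ip6 raw {` or note the gap in a comment here.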
diff --git a/files/nftables/ipv4-security b/files/nftables/ipv4-security
new file mode 100644
index 00000000..3ac5bd2b
--- /dev/null
+++ b/files/nftables/ipv4-security
@@ -0,0 +1,7 @@
+#! nft -f
+
+table security {
+ chain input { hook NF_INET_LOCAL_IN 50; }
+ chain forward { hook NF_INET_FORWARD 50; }
+ chain output { hook NF_INET_LOCAL_OUT 50; }
+}
diff --git a/files/nftables/ipv6-filter b/files/nftables/ipv6-filter
new file mode 100644
index 00000000..9e412784
--- /dev/null
+++ b/files/nftables/ipv6-filter
@@ -0,0 +1,7 @@
+#! nft -f
+
+table ip6 filter {
+ chain input { hook NF_INET_LOCAL_IN 0; }
+ chain forward { hook NF_INET_FORWARD 0; }
+ chain output { hook NF_INET_LOCAL_OUT 0; }
+}
diff --git a/files/nftables/ipv6-mangle b/files/nftables/ipv6-mangle
new file mode 100644
index 00000000..dc18c7a8
--- /dev/null
+++ b/files/nftables/ipv6-mangle
@@ -0,0 +1,9 @@
+#! nft -f
+
+table ip6 mangle {
+ chain prerouting { hook NF_INET_PRE_ROUTING -150; }
+ chain input { hook NF_INET_LOCAL_IN -150; }
+ chain forward { hook NF_INET_FORWARD -150; }
+ chain output { hook NF_INET_LOCAL_OUT -150; }
+ chain postrouting { hook NF_INET_POST_ROUTING -150; }
+}
diff --git a/files/nftables/ipv6-security b/files/nftables/ipv6-security
new file mode 100644
index 00000000..f379bfd3
--- /dev/null
+++ b/files/nftables/ipv6-security
@@ -0,0 +1,7 @@
+#! nft -f
+
+table ip6 security {
+ chain input { hook NF_INET_LOCAL_IN 50; }
+ chain forward { hook NF_INET_FORWARD 50; }
+ chain output { hook NF_INET_LOCAL_OUT 50; }
+}
-- cgit v1.2.3
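Review bot: `table security {` in files/nftables/ipv4-security names no address family, while the ip6 files write `table ip6 security {`, so the IPv4 files depend on the tool's default family. Writing `table ip security {` would make it clear from the file alone which traffic the chains apply to, assuming the parser accepts an explicit `ip` family the way it accepts `ip6`. The same applies to ipv4-filter, ipv4-mangle and ipv4-raw.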