Date: Saturday, August 16, 2014 @ 17:02:36 Author: seblu Revision: 219779
Prelimirary work for 0.3 release
Added:
nftables/trunk/nftables-flush
nftables/trunk/nftables.conf
nftables/trunk/nftables.service
Modified:
nftables/trunk/PKGBUILD
------------------+
PKGBUILD | 26 +++++++++++++++++++++-----
nftables-flush | 30 ++++++++++++++++++++++++++++++
nftables.conf | 8 ++++++++
nftables.service | 12 ++++++++++++
4 files changed, 71 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-08-16 14:53:27 UTC (rev 219778)
+++ PKGBUILD 2014-08-16 15:02:36 UTC (rev 219779)
@@ -1,5 +1,5 @@
 # $Id$
-# Maintainer: Sébastien Luttringer
+# Maintainer: Sébastien "Seblu" Luttringer <[email protected]>
 
 pkgname=nftables
 epoch=1
@@ -11,20 +11,36 @@
 license=('GPL2')
 depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
 makedepends=('docbook2x')
-source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig})
+backups=('etc/nftables.conf')
+source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
+ 'nftables.conf'
+ 'nftables.service'
+ 'nftables-flush')
 sha1sums=('4b097c23f38575347cec21835ee0e6ef89c57455'
- 'SKIP')
+ 'SKIP'
+ '7ae2ed52542e26b2fa04afc624515302ed47a13b'
+ 'a9021dd71f55f985a146f26a8ec66d4e15949978'
+ '194e4ab55f4b001396143f333988300541668e70')
 
 build() {
 cd $pkgname-$pkgver
- ./configure --prefix=/usr --sbindir=/usr/bin --sysconfdir=/etc \
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/usr/share/$pkgname \
 CONFIG_MAN=y DB2MAN=docbook2man
 make
 }
 
 package() {
- cd $pkgname-$pkgver
+ pushd $pkgname-$pkgver
 make DESTDIR="$pkgdir" install
+ popd
+ # basic safe firewall config
+ install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
+ # systemd
+ install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
+ install -Dm755 nftables-flush "$pkgdir/usr/lib/systemd/scripts/nftables-flush"
 }
 
 # vim:set ts=2 sw=2 et:
Added: nftables-flush
===================================================================
--- nftables-flush (rev 0)
+++ nftables-flush 2014-08-16 15:02:36 UTC (rev 219779)
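Review bot: `backups=('etc/nftables.conf')` is not a variable makepkg reads; the PKGBUILD array is `backup`, so as written `/etc/nftables.conf` is not marked as a configuration file and a locally edited ruleset is overwritten on every upgrade instead of being preserved next to a `.pacnew`. Change it to `backup=('etc/nftables.conf')`. The new `pushd`/`popd` pair also prints the directory stack to stdout; `pushd $pkgname-$pkgver >/dev/null` keeps build logs clean (the path stays unquoted as it was before, which is fine only while `$pkgname-$pkgver` cannot contain whitespace).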
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Copyright © Sébastien Luttringer
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+ # as published by the Free Software Foundation; either version 2
+ # of the License, or (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ PROTOS=(ip ip6 inet arp bridge)
+
+ for proto in "${PROTOS[@]}"; do
+ nft list tables "$proto"|cut -f 2 -d ' '| while read table; do
+ nft list table ip6 filter|awk '/^[ \t]+chain/{ print $2 }'|while read chain; do
+ nft delete chain "$proto" "$table" "$chain"
+ done
+ nft delete table "$proto" "$table"
+ done
+ done
+
+ # vim:set ts=2 sw=2 et:
Added: nftables.conf
===================================================================
--- nftables.conf (rev 0)
+++ nftables.conf 2014-08-16 15:02:36 UTC (rev 219779)
@@ -0,0 +1,8 @@
+#!/usr/bin/nft -f
+# Simple Safe Firewall
+
+table inet filter {
+ chain input { type filter hook input priority 0; }
+ chain forward { type filter hook forward priority 0; }
+ chain output { type filter hook output priority 0; }
+}
Added: nftables.service
===================================================================
--- nftables.service (rev 0)
+++ nftables.service 2014-08-16 15:02:36 UTC (rev 219779)
@@ -0,0 +1,12 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/nft -f /etc/nftables.conf
+ExecStop=/usr/lib/systemd/scripts/nftables-flush
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
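Review bot: The inner listing in the new `nftables-flush` hard-codes `nft list table ip6 filter` instead of the table being iterated, so for every (family, table) pair it enumerates the chains of `ip6 filter`, tries to delete those names from whichever table is current, and never touches the chains that really belong to other tables; since the script deletes chains before the table, the following `nft delete table` then plausibly fails for any table that still holds chains, leaving ruleset state behind after ExecStop. Change the line to `nft list table "$proto" "$table"|awk '/^[ \t]+chain/{ print $2 }'|while read -r chain; do` and use `read -r table` on the line above. The `cut -f 2 -d ' '` additionally assumes the second field of `nft list tables` is the table name; if the packaged nft prints `table <family> <name>`, that field is the family and nothing is flushed at all — confirm against the output of the nft version built here. There is no `set -e`/`set -o pipefail` and a failing `nft delete` only writes to stderr, so a partial flush is silent; exiting non-zero when any delete fails lets systemd record the stop as failed instead of reporting a clean state.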
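Review bot: The header `# Simple Safe Firewall` does not describe what this file loads: the three base chains carry no rules and the default `accept` policy, so after `nft -f` every packet on the input, forward and output hooks is accepted and the host is effectively unfiltered. At minimum make the comment say so, e.g. `# Empty base chains (policy accept): nothing is filtered until rules are added below`, so an administrator enabling the unit does not assume a default-deny posture. Turning this into an actual safe default (an explicit `policy drop` on input plus the loopback and established/related accepts it requires) is a policy decision that belongs in a separate change, not in this packaging commit.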
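Review bot: The `[Unit]` section has no ordering against network bring-up, so `ExecStart` may run after interfaces are already up and passing traffic, leaving a boot window in which no ruleset is loaded; adding `Wants=network-pre.target` and `Before=network-pre.target` (if the packaged systemd provides that target — confirm) orders the load before the network comes up. `ExecStop=` runs `nftables-flush`, which by its own loop deletes every table in every family, not just the `inet filter` table that `/etc/nftables.conf` defines, so `systemctl stop nftables` also discards rules that other tooling added; either document this in the unit, e.g. `# Stopping flushes ALL nftables tables, not only those from /etc/nftables.conf`, or scope the flush to the tables this configuration creates.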
