This adds only empty chains, but it will be needed for the bbinit
startscript not to fail. User will probably overwrite it with something
more useful.

Signed-off-by: Alexander Dahl <a...@thorsis.com>
---
 projectroot/etc/nftables.conf | 15 +++++++++++++++
 rules/nftables.make           |  1 +
 2 files changed, 16 insertions(+)
 create mode 100755 projectroot/etc/nftables.conf

diff --git a/projectroot/etc/nftables.conf b/projectroot/etc/nftables.conf
new file mode 100755
index 0000000000..2c09327d7f
--- /dev/null
+++ b/projectroot/etc/nftables.conf
@@ -0,0 +1,15 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table filter {
+       chain input {
+               type filter hook input priority 0;
+       }
+       chain forward {
+               type filter hook forward priority 0;
+       }
+       chain output {
+               type filter hook output priority 0;
+       }
+}
diff --git a/rules/nftables.make b/rules/nftables.make
index 774a1fd935..6c978aa21c 100644
--- a/rules/nftables.make
+++ b/rules/nftables.make
@@ -56,6 +56,7 @@ $(STATEDIR)/nftables.targetinstall:
        @$(call install_fixup, nftables,DESCRIPTION,missing)
 
        @$(call install_copy, nftables, 0, 0, 0755, -, /usr/sbin/nft)
+       @$(call install_alternative, nftables, 0, 0, 0755, /etc/nftables.conf)
 
        @$(call install_finish, nftables)
 
-- 
2.11.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Reply via email to