[arch-commits] Commit in nftables/trunk (4 files)

Sébastien Luttringer seblu at archlinux.org
Sat Aug 16 15:02:37 UTC 2014 

    Date: Saturday, August 16, 2014 @ 17:02:36
  Author: seblu
Revision: 219779

Prelimirary work for 0.3 release

Added:
  nftables/trunk/nftables-flush
  nftables/trunk/nftables.conf
  nftables/trunk/nftables.service
Modified:
  nftables/trunk/PKGBUILD

------------------+
 PKGBUILD         |   26 +++++++++++++++++++++-----
 nftables-flush   |   30 ++++++++++++++++++++++++++++++
 nftables.conf    |    8 ++++++++
 nftables.service |   12 ++++++++++++
 4 files changed, 71 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-08-16 14:53:27 UTC (rev 219778)
+++ PKGBUILD	2014-08-16 15:02:36 UTC (rev 219779)
@@ -1,5 +1,5 @@
 # $Id$
-# Maintainer: Sébastien Luttringer
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
 
 pkgname=nftables
 epoch=1
@@ -11,20 +11,36 @@
 license=('GPL2')
 depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
 makedepends=('docbook2x')
-source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig})
+backups=('etc/nftables.conf')
+source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
+        'nftables.conf'
+        'nftables.service'
+        'nftables-flush')
 sha1sums=('4b097c23f38575347cec21835ee0e6ef89c57455'
-          'SKIP')
+          'SKIP'
+          '7ae2ed52542e26b2fa04afc624515302ed47a13b'
+          'a9021dd71f55f985a146f26a8ec66d4e15949978'
+          '194e4ab55f4b001396143f333988300541668e70')
 
 build() {
   cd $pkgname-$pkgver
-  ./configure --prefix=/usr --sbindir=/usr/bin --sysconfdir=/etc \
+  ./configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --sysconfdir=/usr/share/$pkgname \
     CONFIG_MAN=y DB2MAN=docbook2man
   make
 }
 
 package() {
-  cd $pkgname-$pkgver
+  pushd $pkgname-$pkgver
   make DESTDIR="$pkgdir" install
+  popd
+  # basic safe firewall config
+  install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
+  # systemd
+  install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
+  install -Dm755 nftables-flush "$pkgdir/usr/lib/systemd/scripts/nftables-flush"
 }
 
 # vim:set ts=2 sw=2 et:

Added: nftables-flush
===================================================================
--- nftables-flush	                        (rev 0)
+++ nftables-flush	2014-08-16 15:02:36 UTC (rev 219779)
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Copyright © Sébastien Luttringer
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+PROTOS=(ip ip6 inet arp bridge)
+
+for proto in "${PROTOS[@]}"; do
+	nft list tables "$proto"|cut -f 2 -d ' '| while read table; do
+		nft list table ip6 filter|awk '/^[ \t]+chain/{ print $2 }'|while read chain; do
+			nft delete chain "$proto" "$table" "$chain"
+		done
+		nft delete table "$proto" "$table"
+	done
+done
+
+# vim:set ts=2 sw=2 et:

Added: nftables.conf
===================================================================
--- nftables.conf	                        (rev 0)
+++ nftables.conf	2014-08-16 15:02:36 UTC (rev 219779)
@@ -0,0 +1,8 @@
+#!/usr/bin/nft -f
+# Simple Safe Firewall
+
+table inet filter {
+	chain input		{ type filter hook input priority 0; }
+	chain forward		{ type filter hook forward priority 0; }
+	chain output		{ type filter hook output priority 0; }
+}

Added: nftables.service
===================================================================
--- nftables.service	                        (rev 0)
+++ nftables.service	2014-08-16 15:02:36 UTC (rev 219779)
@@ -0,0 +1,12 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/nft -f /etc/nftables.conf
+ExecStop=/usr/lib/systemd/scripts/nftables-flush
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

More information about the arch-commits mailing list