[arch-commits] Commit in nftables/trunk (PKGBUILD nftables.conf)

Sébastien Luttringer seblu at archlinux.org
Tue Aug 19 10:36:03 UTC 2014


    Date: Tuesday, August 19, 2014 @ 12:36:03
  Author: seblu
Revision: 220244

upgpkg: nftables 1:0.3-1

- upstream bump
- add service file and default config file
- close FS#41099
- close FS#40237

Modified:
  nftables/trunk/PKGBUILD
  nftables/trunk/nftables.conf

---------------+
 PKGBUILD      |    8 ++++----
 nftables.conf |   38 ++++++++++++++++++++++++++++++++++----
 2 files changed, 38 insertions(+), 8 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-08-19 10:35:12 UTC (rev 220243)
+++ PKGBUILD	2014-08-19 10:36:03 UTC (rev 220244)
@@ -5,13 +5,13 @@
 epoch=1
 pkgver=0.3
 pkgrel=1
-pkgdesc='Netfilter nftables userspace tools'
+pkgdesc='Netfilter tables userspace tools'
 arch=('i686' 'x86_64')
 url='http://netfilter.org/projects/nftables/'
 license=('GPL2')
 depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
 makedepends=('docbook2x')
-backups=('etc/nftables.conf')
+backup=('etc/nftables.conf')
 source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
         'nftables.conf'
         'nftables.service'
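Review bot: The tarball is fetched over plain `http://` and its `.sig` entry is listed with `SKIP` in `sha1sums` (next hunk), so the upstream signature check is the only integrity control on the source; nothing in this hunk pins the signing key, and whether the makepkg of this era offers a way to do so is outside what the diff shows. If key pinning is available, a line naming the upstream key fingerprint next to `source=` would make the check explicit rather than trusting whatever key is in the builder's keyring. `sha1sums` could also be switched to `sha256sums` for the non-signature entries while the checksums are being regenerated. The `source=` array continues past the end of this hunk.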
@@ -18,7 +18,7 @@
         'nftables-flush')
 sha1sums=('4b097c23f38575347cec21835ee0e6ef89c57455'
           'SKIP'
-          '7ae2ed52542e26b2fa04afc624515302ed47a13b'
+          '041027cc0c217a5efa6b513a75736e28ab6db076'
           'a9021dd71f55f985a146f26a8ec66d4e15949978'
           '194e4ab55f4b001396143f333988300541668e70')
 
@@ -27,7 +27,7 @@
   ./configure \
     --prefix=/usr \
     --sbindir=/usr/bin \
-    --sysconfdir=/usr/share/$pkgname \
+    --sysconfdir=/usr/share \
     CONFIG_MAN=y DB2MAN=docbook2man
   make
 }
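Review bot: `--sysconfdir=/usr/share` now points the build's configuration directory at a read-only share location while the package's own config is declared at `etc/nftables.conf` (`backup=` in the first hunk); the intent appears to be to land upstream's example files under `/usr/share/nftables/`, as the new comment in `nftables.conf` suggests, but that is inferred. A comment on the `--sysconfdir` line, such as `# upstream installs its example rulesets relative to sysconfdir; keep them out of /etc`, would record why this deliberately diverges from the usual `--sysconfdir=/etc`. The enclosing `build()` function begins outside the hunk.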

Modified: nftables.conf
===================================================================
--- nftables.conf	2014-08-19 10:35:12 UTC (rev 220243)
+++ nftables.conf	2014-08-19 10:36:03 UTC (rev 220244)
@@ -1,8 +1,38 @@
 #!/usr/bin/nft -f
-# Simple Safe Firewall
+# ipv4/ipv6 Simple & Safe Firewall
+# you can find examples in /usr/share/nftables/
 
 table inet filter {
-	chain input		{ type filter hook input priority 0; }
-	chain forward		{ type filter hook forward priority 0; }
-	chain output		{ type filter hook output priority 0; }
+  chain input {
+    type filter hook input priority 0;
+
+    # allow established/related connections
+    ct state {established, related} accept
+
+    # early drop of invalid connections
+    ct state invalid drop
+
+    # allow from loopback
+    iifname lo accept
+
+    # allow icmp
+    ip protocol icmp accept
+    ip6 nexthdr icmpv6 accept
+
+    # allow ssh
+    tcp dport ssh accept
+
+    # everything else
+    reject
+  }
+  chain forward {
+    type filter hook forward priority 0;
+    drop
+  }
+  chain output {
+    type filter hook output priority 0;
+  }
+
 }
+
+# vim:set ts=2 sw=2 et:
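Review bot: `ip6 nexthdr icmpv6 accept` only matches when ICMPv6 is the first next header after the IPv6 header; an ICMPv6 packet carrying extension headers falls through to the final `reject`, which can silently break neighbor discovery on some links. If the nft version being packaged supports it, `meta l4proto ipv6-icmp accept` matches the transport protocol regardless of extension headers and is the more robust form; otherwise a comment noting the limitation would help. The `output` chain has no rules and no explicit policy, so it accepts everything — a one-line comment such as `# no rules: chain policy defaults to accept` would make that deliberate choice visible to whoever edits this default config. The `forward` chain's unconditional `drop` likewise deserves a comment that this host is not expected to route.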



