[arch-commits] Commit in nftables/repos (20 files)

Sébastien Luttringer seblu at archlinux.org
Thu Sep 17 15:41:53 UTC 2015


    Date: Thursday, September 17, 2015 @ 17:41:53
  Author: seblu
Revision: 246443

archrelease: copy trunk to extra-i686, extra-x86_64

Added:
  nftables/repos/extra-i686/01-fix-object-order-via-nft--f.patch
    (from rev 246442, nftables/trunk/01-fix-object-order-via-nft--f.patch)
  nftables/repos/extra-i686/PKGBUILD
    (from rev 246442, nftables/trunk/PKGBUILD)
  nftables/repos/extra-i686/nftables-reload
    (from rev 246442, nftables/trunk/nftables-reload)
  nftables/repos/extra-i686/nftables.conf
    (from rev 246442, nftables/trunk/nftables.conf)
  nftables/repos/extra-i686/nftables.service
    (from rev 246442, nftables/trunk/nftables.service)
  nftables/repos/extra-x86_64/01-fix-object-order-via-nft--f.patch
    (from rev 246442, nftables/trunk/01-fix-object-order-via-nft--f.patch)
  nftables/repos/extra-x86_64/PKGBUILD
    (from rev 246442, nftables/trunk/PKGBUILD)
  nftables/repos/extra-x86_64/nftables-reload
    (from rev 246442, nftables/trunk/nftables-reload)
  nftables/repos/extra-x86_64/nftables.conf
    (from rev 246442, nftables/trunk/nftables.conf)
  nftables/repos/extra-x86_64/nftables.service
    (from rev 246442, nftables/trunk/nftables.service)
Deleted:
  nftables/repos/extra-i686/01-fix-object-order-via-nft--f.patch
  nftables/repos/extra-i686/PKGBUILD
  nftables/repos/extra-i686/nftables-reload
  nftables/repos/extra-i686/nftables.conf
  nftables/repos/extra-i686/nftables.service
  nftables/repos/extra-x86_64/01-fix-object-order-via-nft--f.patch
  nftables/repos/extra-x86_64/PKGBUILD
  nftables/repos/extra-x86_64/nftables-reload
  nftables/repos/extra-x86_64/nftables.conf
  nftables/repos/extra-x86_64/nftables.service

---------------------------------------------------+
 /01-fix-object-order-via-nft--f.patch             |  100 ++++++++++++++++++
 /PKGBUILD                                         |  106 ++++++++++++++++++++
 /nftables-reload                                  |    6 +
 /nftables.conf                                    |   76 ++++++++++++++
 /nftables.service                                 |   30 +++++
 extra-i686/01-fix-object-order-via-nft--f.patch   |   50 ---------
 extra-i686/PKGBUILD                               |   53 ----------
 extra-i686/nftables-reload                        |    3 
 extra-i686/nftables.conf                          |   38 -------
 extra-i686/nftables.service                       |   15 --
 extra-x86_64/01-fix-object-order-via-nft--f.patch |   50 ---------
 extra-x86_64/PKGBUILD                             |   53 ----------
 extra-x86_64/nftables-reload                      |    3 
 extra-x86_64/nftables.conf                        |   38 -------
 extra-x86_64/nftables.service                     |   15 --
 15 files changed, 318 insertions(+), 318 deletions(-)

Deleted: extra-i686/01-fix-object-order-via-nft--f.patch
===================================================================
--- extra-i686/01-fix-object-order-via-nft--f.patch	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/01-fix-object-order-via-nft--f.patch	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,50 +0,0 @@
-From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo at netfilter.org>
-Date: Sat, 14 Feb 2015 21:41:23 +0100
-Subject: rule: fix object order via nft -f
-
-The objects need to be loaded in the following order:
-
-	#1 tables
-	#2 chains
-	#3 sets
-	#4 rules
-
-We have to make sure that chains are in place by when we add rules with
-jumps/gotos. Similarly, we have to make sure that the sets are in place
-by when rules reference them.
-
-Without this patch, you may hit ENOENT errors depending on your ruleset
-configuration.
-
-Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-
-diff --git a/src/rule.c b/src/rule.c
-index feafe26..8d76fd0 100644
---- a/src/rule.c
-+++ b/src/rule.c
-@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
- 	if (netlink_add_table(ctx, h, loc, table, excl) < 0)
- 		return -1;
- 	if (table != NULL) {
-+		list_for_each_entry(chain, &table->chains, list) {
-+			if (netlink_add_chain(ctx, &chain->handle,
-+					      &chain->location, chain,
-+					      excl) < 0)
-+				return -1;
-+		}
- 		list_for_each_entry(set, &table->sets, list) {
- 			handle_merge(&set->handle, &table->handle);
- 			if (do_add_set(ctx, &set->handle, set) < 0)
- 				return -1;
- 		}
- 		list_for_each_entry(chain, &table->chains, list) {
--			if (do_add_chain(ctx, &chain->handle, &chain->location,
--					 chain, excl) < 0)
-+			if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
- 				return -1;
- 		}
- 	}
--- 
-cgit v0.10.2
-

Copied: nftables/repos/extra-i686/01-fix-object-order-via-nft--f.patch (from rev 246442, nftables/trunk/01-fix-object-order-via-nft--f.patch)
===================================================================
--- extra-i686/01-fix-object-order-via-nft--f.patch	                        (rev 0)
+++ extra-i686/01-fix-object-order-via-nft--f.patch	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,50 @@
+From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo at netfilter.org>
+Date: Sat, 14 Feb 2015 21:41:23 +0100
+Subject: rule: fix object order via nft -f
+
+The objects need to be loaded in the following order:
+
+	#1 tables
+	#2 chains
+	#3 sets
+	#4 rules
+
+We have to make sure that chains are in place by when we add rules with
+jumps/gotos. Similarly, we have to make sure that the sets are in place
+by when rules reference them.
+
+Without this patch, you may hit ENOENT errors depending on your ruleset
+configuration.
+
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+
+diff --git a/src/rule.c b/src/rule.c
+index feafe26..8d76fd0 100644
+--- a/src/rule.c
++++ b/src/rule.c
+@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
+ 	if (netlink_add_table(ctx, h, loc, table, excl) < 0)
+ 		return -1;
+ 	if (table != NULL) {
++		list_for_each_entry(chain, &table->chains, list) {
++			if (netlink_add_chain(ctx, &chain->handle,
++					      &chain->location, chain,
++					      excl) < 0)
++				return -1;
++		}
+ 		list_for_each_entry(set, &table->sets, list) {
+ 			handle_merge(&set->handle, &table->handle);
+ 			if (do_add_set(ctx, &set->handle, set) < 0)
+ 				return -1;
+ 		}
+ 		list_for_each_entry(chain, &table->chains, list) {
+-			if (do_add_chain(ctx, &chain->handle, &chain->location,
+-					 chain, excl) < 0)
++			if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
+ 				return -1;
+ 		}
+ 	}
+-- 
+cgit v0.10.2
+

Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/PKGBUILD	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,53 +0,0 @@
-# $Id$
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-
-pkgname=nftables
-epoch=1
-pkgver=0.4
-pkgrel=4
-pkgdesc='Netfilter tables userspace tools'
-arch=('i686' 'x86_64')
-url='http://netfilter.org/projects/nftables/'
-license=('GPL2')
-depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
-makedepends=('docbook2x')
-backup=('etc/nftables.conf')
-validpgpkeys=('57FF5E9C9AA67A860B557AF7A4111F89BB5F58CC') # Netfilter Core Team
-source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
-        'nftables.conf'
-        'nftables.service'
-        'nftables-reload'
-        '01-fix-object-order-via-nft--f.patch')
-sha1sums=('c557c710510c59e4280d271e5b7232af7ba3fbb7'
-          'SKIP'
-          'a7146fad414f9e827e2e83b630308890c876b80d'
-          '65833b9c5b777cfb3a0776060c569a727ce6f460'
-          'd9f40e751b44dd9dc9fdb3b7eba3cc0a9b7e1b01'
-          '90e40bc1f17963428d7d65dc8efa697d9ed9eec4')
-
-prepare() {
-  patch -p1 -d $pkgname-$pkgver < '01-fix-object-order-via-nft--f.patch'
-}
-
-build() {
-  cd $pkgname-$pkgver
-  ./configure \
-    --prefix=/usr \
-    --sbindir=/usr/bin \
-    --sysconfdir=/usr/share \
-    CONFIG_MAN=y DB2MAN=docbook2man
-  make
-}
-
-package() {
-  pushd $pkgname-$pkgver
-  make DESTDIR="$pkgdir" install
-  popd
-  # basic safe firewall config
-  install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
-  # systemd
-  install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
-  install -Dm755 nftables-reload "$pkgdir/usr/lib/systemd/scripts/nftables-reload"
-}
-
-# vim:set ts=2 sw=2 et:

Copied: nftables/repos/extra-i686/PKGBUILD (from rev 246442, nftables/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD	                        (rev 0)
+++ extra-i686/PKGBUILD	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,53 @@
+# $Id$
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+
+pkgname=nftables
+epoch=1
+pkgver=0.4
+pkgrel=5
+pkgdesc='Netfilter tables userspace tools'
+arch=('i686' 'x86_64')
+url='http://netfilter.org/projects/nftables/'
+license=('GPL2')
+depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
+makedepends=('docbook2x')
+backup=('etc/nftables.conf')
+validpgpkeys=('57FF5E9C9AA67A860B557AF7A4111F89BB5F58CC') # Netfilter Core Team
+source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
+        'nftables.conf'
+        'nftables.service'
+        'nftables-reload'
+        '01-fix-object-order-via-nft--f.patch')
+sha1sums=('c557c710510c59e4280d271e5b7232af7ba3fbb7'
+          'SKIP'
+          'a7146fad414f9e827e2e83b630308890c876b80d'
+          '65833b9c5b777cfb3a0776060c569a727ce6f460'
+          'd9f40e751b44dd9dc9fdb3b7eba3cc0a9b7e1b01'
+          '90e40bc1f17963428d7d65dc8efa697d9ed9eec4')
+
+prepare() {
+  patch -p1 -d $pkgname-$pkgver < '01-fix-object-order-via-nft--f.patch'
+}
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --sysconfdir=/usr/share \
+    CONFIG_MAN=y DB2MAN=docbook2man
+  make
+}
+
+package() {
+  pushd $pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+  popd
+  # basic safe firewall config
+  install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
+  # systemd
+  install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
+  install -Dm755 nftables-reload "$pkgdir/usr/lib/systemd/scripts/nftables-reload"
+}
+
+# vim:set ts=2 sw=2 et:

Deleted: extra-i686/nftables-reload
===================================================================
--- extra-i686/nftables-reload	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/nftables-reload	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,3 +0,0 @@
-#!/usr/bin/nft -f
-flush ruleset
-include "/etc/nftables.conf"

Copied: nftables/repos/extra-i686/nftables-reload (from rev 246442, nftables/trunk/nftables-reload)
===================================================================
--- extra-i686/nftables-reload	                        (rev 0)
+++ extra-i686/nftables-reload	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,3 @@
+#!/usr/bin/nft -f
+flush ruleset
+include "/etc/nftables.conf"

Deleted: extra-i686/nftables.conf
===================================================================
--- extra-i686/nftables.conf	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/nftables.conf	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,38 +0,0 @@
-#!/usr/bin/nft -f
-# ipv4/ipv6 Simple & Safe Firewall
-# you can find examples in /usr/share/nftables/
-
-table inet filter {
-  chain input {
-    type filter hook input priority 0;
-
-    # allow established/related connections
-    ct state {established, related} accept
-
-    # early drop of invalid connections
-    ct state invalid drop
-
-    # allow from loopback
-    iifname lo accept
-
-    # allow icmp
-    ip protocol icmp accept
-    ip6 nexthdr icmpv6 accept
-
-    # allow ssh
-    tcp dport ssh accept
-
-    # everything else
-    reject with icmp type port-unreachable
-  }
-  chain forward {
-    type filter hook forward priority 0;
-    drop
-  }
-  chain output {
-    type filter hook output priority 0;
-  }
-
-}
-
-# vim:set ts=2 sw=2 et:

Copied: nftables/repos/extra-i686/nftables.conf (from rev 246442, nftables/trunk/nftables.conf)
===================================================================
--- extra-i686/nftables.conf	                        (rev 0)
+++ extra-i686/nftables.conf	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,38 @@
+#!/usr/bin/nft -f
+# ipv4/ipv6 Simple & Safe Firewall
+# you can find examples in /usr/share/nftables/
+
+table inet filter {
+  chain input {
+    type filter hook input priority 0;
+
+    # allow established/related connections
+    ct state {established, related} accept
+
+    # early drop of invalid connections
+    ct state invalid drop
+
+    # allow from loopback
+    iifname lo accept
+
+    # allow icmp
+    ip protocol icmp accept
+    ip6 nexthdr icmpv6 accept
+
+    # allow ssh
+    tcp dport ssh accept
+
+    # everything else
+    reject with icmp type port-unreachable
+  }
+  chain forward {
+    type filter hook forward priority 0;
+    drop
+  }
+  chain output {
+    type filter hook output priority 0;
+  }
+
+}
+
+# vim:set ts=2 sw=2 et:

Deleted: extra-i686/nftables.service
===================================================================
--- extra-i686/nftables.service	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/nftables.service	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,15 +0,0 @@
-[Unit]
-Description=Netfilter Tables
-Documentation=man:nft(8)
-Wants=network-pre.target
-Before=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/nft -f /etc/nftables.conf
-ExecReload=/usr/bin/nft -f /usr/lib/systemd/scripts/nftables-reload
-ExecStop=/usr/bin/nft flush ruleset
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target

Copied: nftables/repos/extra-i686/nftables.service (from rev 246442, nftables/trunk/nftables.service)
===================================================================
--- extra-i686/nftables.service	                        (rev 0)
+++ extra-i686/nftables.service	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,15 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/nft -f /etc/nftables.conf
+ExecReload=/usr/bin/nft -f /usr/lib/systemd/scripts/nftables-reload
+ExecStop=/usr/bin/nft flush ruleset
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

Deleted: extra-x86_64/01-fix-object-order-via-nft--f.patch
===================================================================
--- extra-x86_64/01-fix-object-order-via-nft--f.patch	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/01-fix-object-order-via-nft--f.patch	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,50 +0,0 @@
-From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo at netfilter.org>
-Date: Sat, 14 Feb 2015 21:41:23 +0100
-Subject: rule: fix object order via nft -f
-
-The objects need to be loaded in the following order:
-
-	#1 tables
-	#2 chains
-	#3 sets
-	#4 rules
-
-We have to make sure that chains are in place by when we add rules with
-jumps/gotos. Similarly, we have to make sure that the sets are in place
-by when rules reference them.
-
-Without this patch, you may hit ENOENT errors depending on your ruleset
-configuration.
-
-Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-
-diff --git a/src/rule.c b/src/rule.c
-index feafe26..8d76fd0 100644
---- a/src/rule.c
-+++ b/src/rule.c
-@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
- 	if (netlink_add_table(ctx, h, loc, table, excl) < 0)
- 		return -1;
- 	if (table != NULL) {
-+		list_for_each_entry(chain, &table->chains, list) {
-+			if (netlink_add_chain(ctx, &chain->handle,
-+					      &chain->location, chain,
-+					      excl) < 0)
-+				return -1;
-+		}
- 		list_for_each_entry(set, &table->sets, list) {
- 			handle_merge(&set->handle, &table->handle);
- 			if (do_add_set(ctx, &set->handle, set) < 0)
- 				return -1;
- 		}
- 		list_for_each_entry(chain, &table->chains, list) {
--			if (do_add_chain(ctx, &chain->handle, &chain->location,
--					 chain, excl) < 0)
-+			if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
- 				return -1;
- 		}
- 	}
--- 
-cgit v0.10.2
-

Copied: nftables/repos/extra-x86_64/01-fix-object-order-via-nft--f.patch (from rev 246442, nftables/trunk/01-fix-object-order-via-nft--f.patch)
===================================================================
--- extra-x86_64/01-fix-object-order-via-nft--f.patch	                        (rev 0)
+++ extra-x86_64/01-fix-object-order-via-nft--f.patch	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,50 @@
+From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo at netfilter.org>
+Date: Sat, 14 Feb 2015 21:41:23 +0100
+Subject: rule: fix object order via nft -f
+
+The objects need to be loaded in the following order:
+
+	#1 tables
+	#2 chains
+	#3 sets
+	#4 rules
+
+We have to make sure that chains are in place by when we add rules with
+jumps/gotos. Similarly, we have to make sure that the sets are in place
+by when rules reference them.
+
+Without this patch, you may hit ENOENT errors depending on your ruleset
+configuration.
+
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+
+diff --git a/src/rule.c b/src/rule.c
+index feafe26..8d76fd0 100644
+--- a/src/rule.c
++++ b/src/rule.c
+@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
+ 	if (netlink_add_table(ctx, h, loc, table, excl) < 0)
+ 		return -1;
+ 	if (table != NULL) {
++		list_for_each_entry(chain, &table->chains, list) {
++			if (netlink_add_chain(ctx, &chain->handle,
++					      &chain->location, chain,
++					      excl) < 0)
++				return -1;
++		}
+ 		list_for_each_entry(set, &table->sets, list) {
+ 			handle_merge(&set->handle, &table->handle);
+ 			if (do_add_set(ctx, &set->handle, set) < 0)
+ 				return -1;
+ 		}
+ 		list_for_each_entry(chain, &table->chains, list) {
+-			if (do_add_chain(ctx, &chain->handle, &chain->location,
+-					 chain, excl) < 0)
++			if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
+ 				return -1;
+ 		}
+ 	}
+-- 
+cgit v0.10.2
+

Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/PKGBUILD	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,53 +0,0 @@
-# $Id$
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-
-pkgname=nftables
-epoch=1
-pkgver=0.4
-pkgrel=4
-pkgdesc='Netfilter tables userspace tools'
-arch=('i686' 'x86_64')
-url='http://netfilter.org/projects/nftables/'
-license=('GPL2')
-depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
-makedepends=('docbook2x')
-backup=('etc/nftables.conf')
-validpgpkeys=('57FF5E9C9AA67A860B557AF7A4111F89BB5F58CC') # Netfilter Core Team
-source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
-        'nftables.conf'
-        'nftables.service'
-        'nftables-reload'
-        '01-fix-object-order-via-nft--f.patch')
-sha1sums=('c557c710510c59e4280d271e5b7232af7ba3fbb7'
-          'SKIP'
-          'a7146fad414f9e827e2e83b630308890c876b80d'
-          '65833b9c5b777cfb3a0776060c569a727ce6f460'
-          'd9f40e751b44dd9dc9fdb3b7eba3cc0a9b7e1b01'
-          '90e40bc1f17963428d7d65dc8efa697d9ed9eec4')
-
-prepare() {
-  patch -p1 -d $pkgname-$pkgver < '01-fix-object-order-via-nft--f.patch'
-}
-
-build() {
-  cd $pkgname-$pkgver
-  ./configure \
-    --prefix=/usr \
-    --sbindir=/usr/bin \
-    --sysconfdir=/usr/share \
-    CONFIG_MAN=y DB2MAN=docbook2man
-  make
-}
-
-package() {
-  pushd $pkgname-$pkgver
-  make DESTDIR="$pkgdir" install
-  popd
-  # basic safe firewall config
-  install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
-  # systemd
-  install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
-  install -Dm755 nftables-reload "$pkgdir/usr/lib/systemd/scripts/nftables-reload"
-}
-
-# vim:set ts=2 sw=2 et:

Copied: nftables/repos/extra-x86_64/PKGBUILD (from rev 246442, nftables/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD	                        (rev 0)
+++ extra-x86_64/PKGBUILD	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,53 @@
+# $Id$
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+
+pkgname=nftables
+epoch=1
+pkgver=0.4
+pkgrel=5
+pkgdesc='Netfilter tables userspace tools'
+arch=('i686' 'x86_64')
+url='http://netfilter.org/projects/nftables/'
+license=('GPL2')
+depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
+makedepends=('docbook2x')
+backup=('etc/nftables.conf')
+validpgpkeys=('57FF5E9C9AA67A860B557AF7A4111F89BB5F58CC') # Netfilter Core Team
+source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
+        'nftables.conf'
+        'nftables.service'
+        'nftables-reload'
+        '01-fix-object-order-via-nft--f.patch')
+sha1sums=('c557c710510c59e4280d271e5b7232af7ba3fbb7'
+          'SKIP'
+          'a7146fad414f9e827e2e83b630308890c876b80d'
+          '65833b9c5b777cfb3a0776060c569a727ce6f460'
+          'd9f40e751b44dd9dc9fdb3b7eba3cc0a9b7e1b01'
+          '90e40bc1f17963428d7d65dc8efa697d9ed9eec4')
+
+prepare() {
+  patch -p1 -d $pkgname-$pkgver < '01-fix-object-order-via-nft--f.patch'
+}
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --sysconfdir=/usr/share \
+    CONFIG_MAN=y DB2MAN=docbook2man
+  make
+}
+
+package() {
+  pushd $pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+  popd
+  # basic safe firewall config
+  install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
+  # systemd
+  install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
+  install -Dm755 nftables-reload "$pkgdir/usr/lib/systemd/scripts/nftables-reload"
+}
+
+# vim:set ts=2 sw=2 et:

Deleted: extra-x86_64/nftables-reload
===================================================================
--- extra-x86_64/nftables-reload	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/nftables-reload	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,3 +0,0 @@
-#!/usr/bin/nft -f
-flush ruleset
-include "/etc/nftables.conf"

Copied: nftables/repos/extra-x86_64/nftables-reload (from rev 246442, nftables/trunk/nftables-reload)
===================================================================
--- extra-x86_64/nftables-reload	                        (rev 0)
+++ extra-x86_64/nftables-reload	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,3 @@
+#!/usr/bin/nft -f
+flush ruleset
+include "/etc/nftables.conf"

Deleted: extra-x86_64/nftables.conf
===================================================================
--- extra-x86_64/nftables.conf	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/nftables.conf	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,38 +0,0 @@
-#!/usr/bin/nft -f
-# ipv4/ipv6 Simple & Safe Firewall
-# you can find examples in /usr/share/nftables/
-
-table inet filter {
-  chain input {
-    type filter hook input priority 0;
-
-    # allow established/related connections
-    ct state {established, related} accept
-
-    # early drop of invalid connections
-    ct state invalid drop
-
-    # allow from loopback
-    iifname lo accept
-
-    # allow icmp
-    ip protocol icmp accept
-    ip6 nexthdr icmpv6 accept
-
-    # allow ssh
-    tcp dport ssh accept
-
-    # everything else
-    reject with icmp type port-unreachable
-  }
-  chain forward {
-    type filter hook forward priority 0;
-    drop
-  }
-  chain output {
-    type filter hook output priority 0;
-  }
-
-}
-
-# vim:set ts=2 sw=2 et:

Copied: nftables/repos/extra-x86_64/nftables.conf (from rev 246442, nftables/trunk/nftables.conf)
===================================================================
--- extra-x86_64/nftables.conf	                        (rev 0)
+++ extra-x86_64/nftables.conf	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,38 @@
+#!/usr/bin/nft -f
+# ipv4/ipv6 Simple & Safe Firewall
+# you can find examples in /usr/share/nftables/
+
+table inet filter {
+  chain input {
+    type filter hook input priority 0;
+
+    # allow established/related connections
+    ct state {established, related} accept
+
+    # early drop of invalid connections
+    ct state invalid drop
+
+    # allow from loopback
+    iifname lo accept
+
+    # allow icmp
+    ip protocol icmp accept
+    ip6 nexthdr icmpv6 accept
+
+    # allow ssh
+    tcp dport ssh accept
+
+    # everything else
+    reject with icmp type port-unreachable
+  }
+  chain forward {
+    type filter hook forward priority 0;
+    drop
+  }
+  chain output {
+    type filter hook output priority 0;
+  }
+
+}
+
+# vim:set ts=2 sw=2 et:

Deleted: extra-x86_64/nftables.service
===================================================================
--- extra-x86_64/nftables.service	2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/nftables.service	2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,15 +0,0 @@
-[Unit]
-Description=Netfilter Tables
-Documentation=man:nft(8)
-Wants=network-pre.target
-Before=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/nft -f /etc/nftables.conf
-ExecReload=/usr/bin/nft -f /usr/lib/systemd/scripts/nftables-reload
-ExecStop=/usr/bin/nft flush ruleset
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target

Copied: nftables/repos/extra-x86_64/nftables.service (from rev 246442, nftables/trunk/nftables.service)
===================================================================
--- extra-x86_64/nftables.service	                        (rev 0)
+++ extra-x86_64/nftables.service	2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,15 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/nft -f /etc/nftables.conf
+ExecReload=/usr/bin/nft -f /usr/lib/systemd/scripts/nftables-reload
+ExecStop=/usr/bin/nft flush ruleset
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target



More information about the arch-commits mailing list