[arch-commits] Commit in nftables/repos (20 files)
Sébastien Luttringer
seblu at archlinux.org
Thu Sep 17 15:41:53 UTC 2015
Date: Thursday, September 17, 2015 @ 17:41:53
Author: seblu
Revision: 246443
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
nftables/repos/extra-i686/01-fix-object-order-via-nft--f.patch
(from rev 246442, nftables/trunk/01-fix-object-order-via-nft--f.patch)
nftables/repos/extra-i686/PKGBUILD
(from rev 246442, nftables/trunk/PKGBUILD)
nftables/repos/extra-i686/nftables-reload
(from rev 246442, nftables/trunk/nftables-reload)
nftables/repos/extra-i686/nftables.conf
(from rev 246442, nftables/trunk/nftables.conf)
nftables/repos/extra-i686/nftables.service
(from rev 246442, nftables/trunk/nftables.service)
nftables/repos/extra-x86_64/01-fix-object-order-via-nft--f.patch
(from rev 246442, nftables/trunk/01-fix-object-order-via-nft--f.patch)
nftables/repos/extra-x86_64/PKGBUILD
(from rev 246442, nftables/trunk/PKGBUILD)
nftables/repos/extra-x86_64/nftables-reload
(from rev 246442, nftables/trunk/nftables-reload)
nftables/repos/extra-x86_64/nftables.conf
(from rev 246442, nftables/trunk/nftables.conf)
nftables/repos/extra-x86_64/nftables.service
(from rev 246442, nftables/trunk/nftables.service)
Deleted:
nftables/repos/extra-i686/01-fix-object-order-via-nft--f.patch
nftables/repos/extra-i686/PKGBUILD
nftables/repos/extra-i686/nftables-reload
nftables/repos/extra-i686/nftables.conf
nftables/repos/extra-i686/nftables.service
nftables/repos/extra-x86_64/01-fix-object-order-via-nft--f.patch
nftables/repos/extra-x86_64/PKGBUILD
nftables/repos/extra-x86_64/nftables-reload
nftables/repos/extra-x86_64/nftables.conf
nftables/repos/extra-x86_64/nftables.service
---------------------------------------------------+
/01-fix-object-order-via-nft--f.patch | 100 ++++++++++++++++++
/PKGBUILD | 106 ++++++++++++++++++++
/nftables-reload | 6 +
/nftables.conf | 76 ++++++++++++++
/nftables.service | 30 +++++
extra-i686/01-fix-object-order-via-nft--f.patch | 50 ---------
extra-i686/PKGBUILD | 53 ----------
extra-i686/nftables-reload | 3
extra-i686/nftables.conf | 38 -------
extra-i686/nftables.service | 15 --
extra-x86_64/01-fix-object-order-via-nft--f.patch | 50 ---------
extra-x86_64/PKGBUILD | 53 ----------
extra-x86_64/nftables-reload | 3
extra-x86_64/nftables.conf | 38 -------
extra-x86_64/nftables.service | 15 --
15 files changed, 318 insertions(+), 318 deletions(-)
Deleted: extra-i686/01-fix-object-order-via-nft--f.patch
===================================================================
--- extra-i686/01-fix-object-order-via-nft--f.patch 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/01-fix-object-order-via-nft--f.patch 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,50 +0,0 @@
-From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo at netfilter.org>
-Date: Sat, 14 Feb 2015 21:41:23 +0100
-Subject: rule: fix object order via nft -f
-
-The objects need to be loaded in the following order:
-
- #1 tables
- #2 chains
- #3 sets
- #4 rules
-
-We have to make sure that chains are in place by when we add rules with
-jumps/gotos. Similarly, we have to make sure that the sets are in place
-by when rules reference them.
-
-Without this patch, you may hit ENOENT errors depending on your ruleset
-configuration.
-
-Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-
-diff --git a/src/rule.c b/src/rule.c
-index feafe26..8d76fd0 100644
---- a/src/rule.c
-+++ b/src/rule.c
-@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
- if (netlink_add_table(ctx, h, loc, table, excl) < 0)
- return -1;
- if (table != NULL) {
-+ list_for_each_entry(chain, &table->chains, list) {
-+ if (netlink_add_chain(ctx, &chain->handle,
-+ &chain->location, chain,
-+ excl) < 0)
-+ return -1;
-+ }
- list_for_each_entry(set, &table->sets, list) {
- handle_merge(&set->handle, &table->handle);
- if (do_add_set(ctx, &set->handle, set) < 0)
- return -1;
- }
- list_for_each_entry(chain, &table->chains, list) {
-- if (do_add_chain(ctx, &chain->handle, &chain->location,
-- chain, excl) < 0)
-+ if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
- return -1;
- }
- }
---
-cgit v0.10.2
-
Copied: nftables/repos/extra-i686/01-fix-object-order-via-nft--f.patch (from rev 246442, nftables/trunk/01-fix-object-order-via-nft--f.patch)
===================================================================
--- extra-i686/01-fix-object-order-via-nft--f.patch (rev 0)
+++ extra-i686/01-fix-object-order-via-nft--f.patch 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,50 @@
+From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo at netfilter.org>
+Date: Sat, 14 Feb 2015 21:41:23 +0100
+Subject: rule: fix object order via nft -f
+
+The objects need to be loaded in the following order:
+
+ #1 tables
+ #2 chains
+ #3 sets
+ #4 rules
+
+We have to make sure that chains are in place by when we add rules with
+jumps/gotos. Similarly, we have to make sure that the sets are in place
+by when rules reference them.
+
+Without this patch, you may hit ENOENT errors depending on your ruleset
+configuration.
+
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+
+diff --git a/src/rule.c b/src/rule.c
+index feafe26..8d76fd0 100644
+--- a/src/rule.c
++++ b/src/rule.c
+@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
+ if (netlink_add_table(ctx, h, loc, table, excl) < 0)
+ return -1;
+ if (table != NULL) {
++ list_for_each_entry(chain, &table->chains, list) {
++ if (netlink_add_chain(ctx, &chain->handle,
++ &chain->location, chain,
++ excl) < 0)
++ return -1;
++ }
+ list_for_each_entry(set, &table->sets, list) {
+ handle_merge(&set->handle, &table->handle);
+ if (do_add_set(ctx, &set->handle, set) < 0)
+ return -1;
+ }
+ list_for_each_entry(chain, &table->chains, list) {
+- if (do_add_chain(ctx, &chain->handle, &chain->location,
+- chain, excl) < 0)
++ if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
+ return -1;
+ }
+ }
+--
+cgit v0.10.2
+
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/PKGBUILD 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,53 +0,0 @@
-# $Id$
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-
-pkgname=nftables
-epoch=1
-pkgver=0.4
-pkgrel=4
-pkgdesc='Netfilter tables userspace tools'
-arch=('i686' 'x86_64')
-url='http://netfilter.org/projects/nftables/'
-license=('GPL2')
-depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
-makedepends=('docbook2x')
-backup=('etc/nftables.conf')
-validpgpkeys=('57FF5E9C9AA67A860B557AF7A4111F89BB5F58CC') # Netfilter Core Team
-source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
- 'nftables.conf'
- 'nftables.service'
- 'nftables-reload'
- '01-fix-object-order-via-nft--f.patch')
-sha1sums=('c557c710510c59e4280d271e5b7232af7ba3fbb7'
- 'SKIP'
- 'a7146fad414f9e827e2e83b630308890c876b80d'
- '65833b9c5b777cfb3a0776060c569a727ce6f460'
- 'd9f40e751b44dd9dc9fdb3b7eba3cc0a9b7e1b01'
- '90e40bc1f17963428d7d65dc8efa697d9ed9eec4')
-
-prepare() {
- patch -p1 -d $pkgname-$pkgver < '01-fix-object-order-via-nft--f.patch'
-}
-
-build() {
- cd $pkgname-$pkgver
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --sysconfdir=/usr/share \
- CONFIG_MAN=y DB2MAN=docbook2man
- make
-}
-
-package() {
- pushd $pkgname-$pkgver
- make DESTDIR="$pkgdir" install
- popd
- # basic safe firewall config
- install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
- # systemd
- install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
- install -Dm755 nftables-reload "$pkgdir/usr/lib/systemd/scripts/nftables-reload"
-}
-
-# vim:set ts=2 sw=2 et:
Copied: nftables/repos/extra-i686/PKGBUILD (from rev 246442, nftables/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,53 @@
+# $Id$
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+
+pkgname=nftables
+epoch=1
+pkgver=0.4
+pkgrel=5
+pkgdesc='Netfilter tables userspace tools'
+arch=('i686' 'x86_64')
+url='http://netfilter.org/projects/nftables/'
+license=('GPL2')
+depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
+makedepends=('docbook2x')
+backup=('etc/nftables.conf')
+validpgpkeys=('57FF5E9C9AA67A860B557AF7A4111F89BB5F58CC') # Netfilter Core Team
+source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
+ 'nftables.conf'
+ 'nftables.service'
+ 'nftables-reload'
+ '01-fix-object-order-via-nft--f.patch')
+sha1sums=('c557c710510c59e4280d271e5b7232af7ba3fbb7'
+ 'SKIP'
+ 'a7146fad414f9e827e2e83b630308890c876b80d'
+ '65833b9c5b777cfb3a0776060c569a727ce6f460'
+ 'd9f40e751b44dd9dc9fdb3b7eba3cc0a9b7e1b01'
+ '90e40bc1f17963428d7d65dc8efa697d9ed9eec4')
+
+prepare() {
+ patch -p1 -d $pkgname-$pkgver < '01-fix-object-order-via-nft--f.patch'
+}
+
+build() {
+ cd $pkgname-$pkgver
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/usr/share \
+ CONFIG_MAN=y DB2MAN=docbook2man
+ make
+}
+
+package() {
+ pushd $pkgname-$pkgver
+ make DESTDIR="$pkgdir" install
+ popd
+ # basic safe firewall config
+ install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
+ # systemd
+ install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
+ install -Dm755 nftables-reload "$pkgdir/usr/lib/systemd/scripts/nftables-reload"
+}
+
+# vim:set ts=2 sw=2 et:
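Review bot: The `sha1sums` array is the only checksum makepkg verifies for the four local sources (`nftables.conf`, `nftables.service`, `nftables-reload` and the patch), and SHA-1 is no longer collision-resistant. Switching the array to `sha256sums=(...)`, regenerated with `makepkg -g` or `updpkgsums`, would give a stronger pin. The tarball is fetched over plain `http://`, so its authenticity rests on the `.sig` source and the `validpgpkeys` entry; a comment such as `# tarball authenticity comes from the PGP signature, not the URL or checksum` next to `source=` would make that explicit. The same applies to the identical extra-x86_64/PKGBUILD hunk further down.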
Deleted: extra-i686/nftables-reload
===================================================================
--- extra-i686/nftables-reload 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/nftables-reload 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,3 +0,0 @@
-#!/usr/bin/nft -f
-flush ruleset
-include "/etc/nftables.conf"
Copied: nftables/repos/extra-i686/nftables-reload (from rev 246442, nftables/trunk/nftables-reload)
===================================================================
--- extra-i686/nftables-reload (rev 0)
+++ extra-i686/nftables-reload 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,3 @@
+#!/usr/bin/nft -f
+flush ruleset
+include "/etc/nftables.conf"
Deleted: extra-i686/nftables.conf
===================================================================
--- extra-i686/nftables.conf 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/nftables.conf 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,38 +0,0 @@
-#!/usr/bin/nft -f
-# ipv4/ipv6 Simple & Safe Firewall
-# you can find examples in /usr/share/nftables/
-
-table inet filter {
- chain input {
- type filter hook input priority 0;
-
- # allow established/related connections
- ct state {established, related} accept
-
- # early drop of invalid connections
- ct state invalid drop
-
- # allow from loopback
- iifname lo accept
-
- # allow icmp
- ip protocol icmp accept
- ip6 nexthdr icmpv6 accept
-
- # allow ssh
- tcp dport ssh accept
-
- # everything else
- reject with icmp type port-unreachable
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- }
-
-}
-
-# vim:set ts=2 sw=2 et:
Copied: nftables/repos/extra-i686/nftables.conf (from rev 246442, nftables/trunk/nftables.conf)
===================================================================
--- extra-i686/nftables.conf (rev 0)
+++ extra-i686/nftables.conf 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,38 @@
+#!/usr/bin/nft -f
+# ipv4/ipv6 Simple & Safe Firewall
+# you can find examples in /usr/share/nftables/
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+
+ # allow established/related connections
+ ct state {established, related} accept
+
+ # early drop of invalid connections
+ ct state invalid drop
+
+ # allow from loopback
+ iifname lo accept
+
+ # allow icmp
+ ip protocol icmp accept
+ ip6 nexthdr icmpv6 accept
+
+ # allow ssh
+ tcp dport ssh accept
+
+ # everything else
+ reject with icmp type port-unreachable
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ }
+
+}
+
+# vim:set ts=2 sw=2 et:
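Review bot: The `input` chain declares no policy and ends in `reject with icmp type port-unreachable`, so any packet that last rule does not match is handled by the base chain's default accept policy. In an `inet` table an `icmp type` reject is IPv4-specific (nft adds an implicit IPv4 dependency; worth confirming on the packaged 0.4 release), which would let unmatched IPv6 packets fall through and be accepted. Consider `reject with icmpx type port-unreachable`, which covers both families. Where the packaged nft supports it, adding `policy drop;` after `type filter hook input priority 0;` would make the chain fail closed. The extra-x86_64/nftables.conf hunk is identical.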
Deleted: extra-i686/nftables.service
===================================================================
--- extra-i686/nftables.service 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-i686/nftables.service 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,15 +0,0 @@
-[Unit]
-Description=Netfilter Tables
-Documentation=man:nft(8)
-Wants=network-pre.target
-Before=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/nft -f /etc/nftables.conf
-ExecReload=/usr/bin/nft -f /usr/lib/systemd/scripts/nftables-reload
-ExecStop=/usr/bin/nft flush ruleset
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
Copied: nftables/repos/extra-i686/nftables.service (from rev 246442, nftables/trunk/nftables.service)
===================================================================
--- extra-i686/nftables.service (rev 0)
+++ extra-i686/nftables.service 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,15 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/nft -f /etc/nftables.conf
+ExecReload=/usr/bin/nft -f /usr/lib/systemd/scripts/nftables-reload
+ExecStop=/usr/bin/nft flush ruleset
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
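Review bot: This unit fails open: `ExecStop=/usr/bin/nft flush ruleset` removes every rule, and a `systemctl restart` runs it before `ExecStart`, so a syntax error in `/etc/nftables.conf` leaves the host with an empty ruleset while networking stays up (`network-pre.target` is only referenced by `Wants=`/`Before=`, so a failed start does not block it). `ExecReload` avoids this because `nftables-reload` does the flush and the include in one `nft -f` run, which should be applied as a single transaction. A comment above `ExecStop` such as `# stop/restart flushes all rules; use reload to swap rulesets without an unfiltered window` would document the difference. The same applies to the identical extra-x86_64/nftables.service hunk.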
Deleted: extra-x86_64/01-fix-object-order-via-nft--f.patch
===================================================================
--- extra-x86_64/01-fix-object-order-via-nft--f.patch 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/01-fix-object-order-via-nft--f.patch 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,50 +0,0 @@
-From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo at netfilter.org>
-Date: Sat, 14 Feb 2015 21:41:23 +0100
-Subject: rule: fix object order via nft -f
-
-The objects need to be loaded in the following order:
-
- #1 tables
- #2 chains
- #3 sets
- #4 rules
-
-We have to make sure that chains are in place by when we add rules with
-jumps/gotos. Similarly, we have to make sure that the sets are in place
-by when rules reference them.
-
-Without this patch, you may hit ENOENT errors depending on your ruleset
-configuration.
-
-Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-
-diff --git a/src/rule.c b/src/rule.c
-index feafe26..8d76fd0 100644
---- a/src/rule.c
-+++ b/src/rule.c
-@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
- if (netlink_add_table(ctx, h, loc, table, excl) < 0)
- return -1;
- if (table != NULL) {
-+ list_for_each_entry(chain, &table->chains, list) {
-+ if (netlink_add_chain(ctx, &chain->handle,
-+ &chain->location, chain,
-+ excl) < 0)
-+ return -1;
-+ }
- list_for_each_entry(set, &table->sets, list) {
- handle_merge(&set->handle, &table->handle);
- if (do_add_set(ctx, &set->handle, set) < 0)
- return -1;
- }
- list_for_each_entry(chain, &table->chains, list) {
-- if (do_add_chain(ctx, &chain->handle, &chain->location,
-- chain, excl) < 0)
-+ if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
- return -1;
- }
- }
---
-cgit v0.10.2
-
Copied: nftables/repos/extra-x86_64/01-fix-object-order-via-nft--f.patch (from rev 246442, nftables/trunk/01-fix-object-order-via-nft--f.patch)
===================================================================
--- extra-x86_64/01-fix-object-order-via-nft--f.patch (rev 0)
+++ extra-x86_64/01-fix-object-order-via-nft--f.patch 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,50 @@
+From 454ffab9cc695b9618324a6a0a4dead6d5289f8d Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo at netfilter.org>
+Date: Sat, 14 Feb 2015 21:41:23 +0100
+Subject: rule: fix object order via nft -f
+
+The objects need to be loaded in the following order:
+
+ #1 tables
+ #2 chains
+ #3 sets
+ #4 rules
+
+We have to make sure that chains are in place by when we add rules with
+jumps/gotos. Similarly, we have to make sure that the sets are in place
+by when rules reference them.
+
+Without this patch, you may hit ENOENT errors depending on your ruleset
+configuration.
+
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+
+diff --git a/src/rule.c b/src/rule.c
+index feafe26..8d76fd0 100644
+--- a/src/rule.c
++++ b/src/rule.c
+@@ -658,14 +658,19 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
+ if (netlink_add_table(ctx, h, loc, table, excl) < 0)
+ return -1;
+ if (table != NULL) {
++ list_for_each_entry(chain, &table->chains, list) {
++ if (netlink_add_chain(ctx, &chain->handle,
++ &chain->location, chain,
++ excl) < 0)
++ return -1;
++ }
+ list_for_each_entry(set, &table->sets, list) {
+ handle_merge(&set->handle, &table->handle);
+ if (do_add_set(ctx, &set->handle, set) < 0)
+ return -1;
+ }
+ list_for_each_entry(chain, &table->chains, list) {
+- if (do_add_chain(ctx, &chain->handle, &chain->location,
+- chain, excl) < 0)
++ if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
+ return -1;
+ }
+ }
+--
+cgit v0.10.2
+
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/PKGBUILD 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,53 +0,0 @@
-# $Id$
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-
-pkgname=nftables
-epoch=1
-pkgver=0.4
-pkgrel=4
-pkgdesc='Netfilter tables userspace tools'
-arch=('i686' 'x86_64')
-url='http://netfilter.org/projects/nftables/'
-license=('GPL2')
-depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
-makedepends=('docbook2x')
-backup=('etc/nftables.conf')
-validpgpkeys=('57FF5E9C9AA67A860B557AF7A4111F89BB5F58CC') # Netfilter Core Team
-source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
- 'nftables.conf'
- 'nftables.service'
- 'nftables-reload'
- '01-fix-object-order-via-nft--f.patch')
-sha1sums=('c557c710510c59e4280d271e5b7232af7ba3fbb7'
- 'SKIP'
- 'a7146fad414f9e827e2e83b630308890c876b80d'
- '65833b9c5b777cfb3a0776060c569a727ce6f460'
- 'd9f40e751b44dd9dc9fdb3b7eba3cc0a9b7e1b01'
- '90e40bc1f17963428d7d65dc8efa697d9ed9eec4')
-
-prepare() {
- patch -p1 -d $pkgname-$pkgver < '01-fix-object-order-via-nft--f.patch'
-}
-
-build() {
- cd $pkgname-$pkgver
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --sysconfdir=/usr/share \
- CONFIG_MAN=y DB2MAN=docbook2man
- make
-}
-
-package() {
- pushd $pkgname-$pkgver
- make DESTDIR="$pkgdir" install
- popd
- # basic safe firewall config
- install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
- # systemd
- install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
- install -Dm755 nftables-reload "$pkgdir/usr/lib/systemd/scripts/nftables-reload"
-}
-
-# vim:set ts=2 sw=2 et:
Copied: nftables/repos/extra-x86_64/PKGBUILD (from rev 246442, nftables/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,53 @@
+# $Id$
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+
+pkgname=nftables
+epoch=1
+pkgver=0.4
+pkgrel=5
+pkgdesc='Netfilter tables userspace tools'
+arch=('i686' 'x86_64')
+url='http://netfilter.org/projects/nftables/'
+license=('GPL2')
+depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
+makedepends=('docbook2x')
+backup=('etc/nftables.conf')
+validpgpkeys=('57FF5E9C9AA67A860B557AF7A4111F89BB5F58CC') # Netfilter Core Team
+source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
+ 'nftables.conf'
+ 'nftables.service'
+ 'nftables-reload'
+ '01-fix-object-order-via-nft--f.patch')
+sha1sums=('c557c710510c59e4280d271e5b7232af7ba3fbb7'
+ 'SKIP'
+ 'a7146fad414f9e827e2e83b630308890c876b80d'
+ '65833b9c5b777cfb3a0776060c569a727ce6f460'
+ 'd9f40e751b44dd9dc9fdb3b7eba3cc0a9b7e1b01'
+ '90e40bc1f17963428d7d65dc8efa697d9ed9eec4')
+
+prepare() {
+ patch -p1 -d $pkgname-$pkgver < '01-fix-object-order-via-nft--f.patch'
+}
+
+build() {
+ cd $pkgname-$pkgver
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/usr/share \
+ CONFIG_MAN=y DB2MAN=docbook2man
+ make
+}
+
+package() {
+ pushd $pkgname-$pkgver
+ make DESTDIR="$pkgdir" install
+ popd
+ # basic safe firewall config
+ install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
+ # systemd
+ install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
+ install -Dm755 nftables-reload "$pkgdir/usr/lib/systemd/scripts/nftables-reload"
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: extra-x86_64/nftables-reload
===================================================================
--- extra-x86_64/nftables-reload 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/nftables-reload 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,3 +0,0 @@
-#!/usr/bin/nft -f
-flush ruleset
-include "/etc/nftables.conf"
Copied: nftables/repos/extra-x86_64/nftables-reload (from rev 246442, nftables/trunk/nftables-reload)
===================================================================
--- extra-x86_64/nftables-reload (rev 0)
+++ extra-x86_64/nftables-reload 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,3 @@
+#!/usr/bin/nft -f
+flush ruleset
+include "/etc/nftables.conf"
Deleted: extra-x86_64/nftables.conf
===================================================================
--- extra-x86_64/nftables.conf 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/nftables.conf 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,38 +0,0 @@
-#!/usr/bin/nft -f
-# ipv4/ipv6 Simple & Safe Firewall
-# you can find examples in /usr/share/nftables/
-
-table inet filter {
- chain input {
- type filter hook input priority 0;
-
- # allow established/related connections
- ct state {established, related} accept
-
- # early drop of invalid connections
- ct state invalid drop
-
- # allow from loopback
- iifname lo accept
-
- # allow icmp
- ip protocol icmp accept
- ip6 nexthdr icmpv6 accept
-
- # allow ssh
- tcp dport ssh accept
-
- # everything else
- reject with icmp type port-unreachable
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- }
-
-}
-
-# vim:set ts=2 sw=2 et:
Copied: nftables/repos/extra-x86_64/nftables.conf (from rev 246442, nftables/trunk/nftables.conf)
===================================================================
--- extra-x86_64/nftables.conf (rev 0)
+++ extra-x86_64/nftables.conf 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,38 @@
+#!/usr/bin/nft -f
+# ipv4/ipv6 Simple & Safe Firewall
+# you can find examples in /usr/share/nftables/
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+
+ # allow established/related connections
+ ct state {established, related} accept
+
+ # early drop of invalid connections
+ ct state invalid drop
+
+ # allow from loopback
+ iifname lo accept
+
+ # allow icmp
+ ip protocol icmp accept
+ ip6 nexthdr icmpv6 accept
+
+ # allow ssh
+ tcp dport ssh accept
+
+ # everything else
+ reject with icmp type port-unreachable
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ }
+
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: extra-x86_64/nftables.service
===================================================================
--- extra-x86_64/nftables.service 2015-09-17 15:41:16 UTC (rev 246442)
+++ extra-x86_64/nftables.service 2015-09-17 15:41:53 UTC (rev 246443)
@@ -1,15 +0,0 @@
-[Unit]
-Description=Netfilter Tables
-Documentation=man:nft(8)
-Wants=network-pre.target
-Before=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/nft -f /etc/nftables.conf
-ExecReload=/usr/bin/nft -f /usr/lib/systemd/scripts/nftables-reload
-ExecStop=/usr/bin/nft flush ruleset
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
Copied: nftables/repos/extra-x86_64/nftables.service (from rev 246442, nftables/trunk/nftables.service)
===================================================================
--- extra-x86_64/nftables.service (rev 0)
+++ extra-x86_64/nftables.service 2015-09-17 15:41:53 UTC (rev 246443)
@@ -0,0 +1,15 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/nft -f /etc/nftables.conf
+ExecReload=/usr/bin/nft -f /usr/lib/systemd/scripts/nftables-reload
+ExecStop=/usr/bin/nft flush ruleset
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target