[arch-commits] Commit in nftables/trunk (PKGBUILD nftables.conf)

Sébastien Luttringer seblu at archlinux.org
Tue Jul 6 18:36:36 UTC 2021 

    Date: Tuesday, July 6, 2021 @ 18:36:23
  Author: seblu
Revision: 419047

upgpkg: nftables 1:0.9.9-4

- use nft comment in default config (see FS#71444).

Modified:
  nftables/trunk/PKGBUILD
  nftables/trunk/nftables.conf

---------------+
 PKGBUILD      |    4 ++--
 nftables.conf |   25 ++++++-------------------
 2 files changed, 8 insertions(+), 21 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-07-06 18:05:54 UTC (rev 419046)
+++ PKGBUILD	2021-07-06 18:36:23 UTC (rev 419047)
@@ -3,7 +3,7 @@
 pkgname=nftables
 epoch=1
 pkgver=0.9.9
-pkgrel=3
+pkgrel=4
 pkgdesc='Netfilter tables userspace tools'
 arch=('x86_64')
 url='https://netfilter.org/projects/nftables/'
@@ -19,7 +19,7 @@
 install=nftables.install
 sha256sums=('76ef2dc7fd0d79031a8369487739a217ca83996b3a746cec5bda79da11e3f1b4'
             'SKIP'
-            '4f69a19bde72e15205eaf661e01bcd6ca3e78901c591947c271efd40b0f0138c'
+            'c66fd3b4ee14e577d077d346ba548090040bb8b1cb26c65235814c51aad40e98'
             'deffeef36fe658867dd9203ec13dec85047a6d224ea63334dcf60db97e1809ea')
 
 prepare() {

Modified: nftables.conf
===================================================================
--- nftables.conf	2021-07-06 18:05:54 UTC (rev 419046)
+++ nftables.conf	2021-07-06 18:36:23 UTC (rev 419047)
@@ -11,26 +11,13 @@
     type filter hook input priority filter
     policy drop
 
-    # allow established/related connections
-    ct state {established, related} accept
-
-    # early drop of invalid connections
-    ct state invalid drop
-
-    # allow from loopback
-    iifname lo accept
-
-    # allow icmp
-    ip protocol icmp accept
-    meta l4proto ipv6-icmp accept
-
-    # allow ssh
-    tcp dport ssh accept
-
-    # everything else
+    ct state {established, related} accept comment "allow tracked connections"
+    ct state invalid drop comment "early drop of invalid connections"
+    iifname lo accept comment "allow from loopback"
+    ip protocol icmp accept comment "allow icmp"
+    meta l4proto ipv6-icmp accept comment "allow icmp v6"
+    tcp dport ssh accept comment "allow sshd"
     pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
-
-    # count dropped
     counter
   }
   chain forward {

More information about the arch-commits mailing list