nftables: use .nft for nftables config script
This commit is contained in:
parent
f119565a2a
commit
c47a23227a
@ -1,7 +1,7 @@
|
|||||||
untrusted comment: verify with /etc/ports/core.pub
|
untrusted comment: verify with /etc/ports/core.pub
|
||||||
RWRJc1FUaeVeqvcJrRrzC99tYVg/N1R+0y0BqhNMdPiT3AxccWWDl55JHGppbn1AvsjuwlUbcfkvvpFPtNNd2VYs72aAv88kfAk=
|
RWRJc1FUaeVeqoHJlrPZjRc+1vEQ77UvN20f5WLXD0iuYDelP1BGcBIH/q92BMqC1VlVMmHyoFWZRZwQQnQzVenpHTn+WuoDTAs=
|
||||||
SHA256 (Pkgfile) = d9fc665e5b361b5d758e305b703683d39614c1038105e898e573efeb0339922a
|
SHA256 (Pkgfile) = 0490963a20f83f632aba1d4f9b4ee76419d234c76a1c955a525a894344e00c07
|
||||||
SHA256 (.footprint) = 3af190e6dd19a2b16968ea5375f46752c0920b9c5711a62f8dd0fdad6dc95480
|
SHA256 (.footprint) = 3af190e6dd19a2b16968ea5375f46752c0920b9c5711a62f8dd0fdad6dc95480
|
||||||
SHA256 (nftables-1.0.2.tar.bz2) = 0b28a36ffcf4567b841de7bd3f37918b1fed27859eb48bdec51e1f7a83954c02
|
SHA256 (nftables-1.0.2.tar.bz2) = 0b28a36ffcf4567b841de7bd3f37918b1fed27859eb48bdec51e1f7a83954c02
|
||||||
SHA256 (nftables.conf) = bdbf69d9a32d7821e000b25ef115490c4efe03ae8ef08efa2b63a4dc239a2424
|
SHA256 (nftables.nft) = 43436a5237a259378f6b712978db6e0d821d2be0528f9a2e93cfdc2fca504d7c
|
||||||
SHA256 (nftables.init) = ba1a2aa9a7faea15b2f10145593d643d496cca917c7858ceabd345062892ee7e
|
SHA256 (nftables.init) = bfd1698c0f89b39ff3d0a5eceffe68d79bde0ac73c4e9eedcac8748274320f0c
|
||||||
|
@ -5,9 +5,9 @@
|
|||||||
|
|
||||||
name=nftables
|
name=nftables
|
||||||
version=1.0.2
|
version=1.0.2
|
||||||
release=1
|
release=2
|
||||||
source=(https://www.netfilter.org/pub/nftables/nftables-$version.tar.bz2
|
source=(https://www.netfilter.org/pub/nftables/nftables-$version.tar.bz2
|
||||||
nftables.conf nftables.init)
|
nftables.nft nftables.init)
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd $name-$version
|
cd $name-$version
|
||||||
@ -18,8 +18,8 @@ build() {
|
|||||||
--prefix=/usr \
|
--prefix=/usr \
|
||||||
--sbindir=/usr/bin \
|
--sbindir=/usr/bin \
|
||||||
--sysconfdir=/usr/share \
|
--sysconfdir=/usr/share \
|
||||||
--with-json \
|
|
||||||
--with-cli=readline \
|
--with-cli=readline \
|
||||||
|
--with-json \
|
||||||
--with-python-bin=/usr/bin/python3 \
|
--with-python-bin=/usr/bin/python3 \
|
||||||
--disable-debug
|
--disable-debug
|
||||||
make
|
make
|
||||||
@ -29,7 +29,7 @@ build() {
|
|||||||
/usr/bin/python3 -O -m compileall -d / $PKG/usr/lib
|
/usr/bin/python3 -O -m compileall -d / $PKG/usr/lib
|
||||||
|
|
||||||
install -D -m 755 $SRC/nftables.init $PKG/etc/rc.d/nftables
|
install -D -m 755 $SRC/nftables.init $PKG/etc/rc.d/nftables
|
||||||
install -D -m 600 $SRC/nftables.conf $PKG/etc/nftables
|
install -D -m 600 $SRC/nftables.nft $PKG/etc/nftables
|
||||||
|
|
||||||
rm -r $PKG/usr/share/doc
|
rm -r $PKG/usr/share/doc
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
PROG=/usr/bin/nft
|
PROG=/usr/bin/nft
|
||||||
CONF=/etc/nftables
|
CONF=/etc/nftables.nft
|
||||||
LOADOPTS="-f"
|
LOADOPTS="-f"
|
||||||
SHOWOPTS="-s list ruleset"
|
SHOWOPTS="-s list ruleset"
|
||||||
RESETRULES="flush ruleset"
|
RESETRULES="flush ruleset"
|
||||||
|
@ -15,7 +15,7 @@ table ip filter {
|
|||||||
# accept traffic originated from us
|
# accept traffic originated from us
|
||||||
ct state established,related accept
|
ct state established,related accept
|
||||||
|
|
||||||
# accept traffic originated from us
|
# accept ssh logins via port 22
|
||||||
tcp dport 22 accept comment "Accept SSH on port 22"
|
tcp dport 22 accept comment "Accept SSH on port 22"
|
||||||
}
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user