files: restore base table skeletons

nftables releases until 0.8.2 included base skeleton hooks
that were installed into /etc/nftables (sysconfdir).

With 0.8.3 and newer these files were moved to the documentation
area but apparently some users expect them to be there.

Resurrect them.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/Makefile.am b/Makefile.am
index 1201ca78e4f1721a65464fd726dc3f56ed776630..09664c3ecda6e7b8fe935a479463821be215e602 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,6 +2,7 @@ ACLOCAL_AMFLAGS = -I m4
 
 SUBDIRS =      src     \
                include \
+               files   \
                doc
 
 EXTRA_DIST =   tests   \

diff --git a/configure.ac b/configure.ac
index 249657793646adcaa9f3a8e8a8240286b0c5a5cf..d7522569aff9a891e1f62b5f70a6ca80fae7939b 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -119,6 +119,8 @@ AC_CONFIG_FILES([                                   \
                include/linux/netfilter_bridge/Makefile \
                include/linux/netfilter_ipv4/Makefile   \
                include/linux/netfilter_ipv6/Makefile   \
+               files/Makefile                          \
+               files/nftables/Makefile                 \
                doc/Makefile                            \
                ])
 AC_OUTPUT

diff --git a/files/Makefile.am b/files/Makefile.am
new file mode 100644 (file)
index 0000000..a8394c0
--- /dev/null
+++ b/files/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = nftables

diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
new file mode 100644 (file)
index 0000000..43e3028
--- /dev/null
+++ b/files/nftables/Makefile.am
@@ -0,0 +1,16 @@
+pkgsysconfdir = ${sysconfdir}/nftables
+dist_pkgsysconf_DATA = all-in-one.nft          \
+                       arp-filter.nft          \
+                       bridge-filter.nft       \
+                       inet-filter.nft         \
+                       ipv4-filter.nft         \
+                       ipv4-mangle.nft         \
+                       ipv4-nat.nft            \
+                       ipv4-raw.nft            \
+                       ipv6-filter.nft         \
+                       ipv6-mangle.nft         \
+                       ipv6-nat.nft            \
+                       ipv6-raw.nft
+
+install-data-hook:
+       ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*

diff --git a/files/examples/families_and_hooks.nft b/files/nftables/all-in-one.nft
similarity index 88%
rename from files/examples/families_and_hooks.nft
rename to files/nftables/all-in-one.nft
index e6d9ee23b17c8749e0964b29c34e3f229d487f48..4ccc043259c109281f4d7c2219967315c617de5e 100755 (executable)
--- a/files/examples/families_and_hooks.nft
+++ b/files/nftables/all-in-one.nft
@@ -1,10 +1,14 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 # Here is an example of different families, hooks and priorities in the
 # nftables framework, all mixed together.
-# This script is mean to be loaded with `nft -f <file>`
+#
+# more examples are located in files/examples in nftables source.
 # For up-to-date information please visit https://wiki.nftables.org
+#
+# This script is mean to be loaded with `nft -f <file>`
 
+# clear all prior state
 flush ruleset
 
 # native dual stack IPv4 & IPv6 family

diff --git a/files/examples/arp-filter.nft b/files/nftables/arp-filter.nft
similarity index 87%
rename from files/examples/arp-filter.nft
rename to files/nftables/arp-filter.nft
index 13166bda925e572c37277518e5c72ac15917ab91..8a350b1eba8aa07cee2a9cb5b8e1f4e71cba6ba9 100755 (executable)
--- a/files/examples/arp-filter.nft
+++ b/files/nftables/arp-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table arp filter {
        chain input             { type filter hook input priority 0; }

diff --git a/files/examples/bridge-filter.nft b/files/nftables/bridge-filter.nft
similarity index 91%
rename from files/examples/bridge-filter.nft
rename to files/nftables/bridge-filter.nft
index 7e3cad4085dba5f80d5232fa23479eee542e9820..93efe86423011773e9827ce100fa507563cbdfe9 100755 (executable)
--- a/files/examples/bridge-filter.nft
+++ b/files/nftables/bridge-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table bridge filter {
        chain input             { type filter hook input priority -200; }

diff --git a/files/examples/inet-filter.nft b/files/nftables/inet-filter.nft
similarity index 90%
rename from files/examples/inet-filter.nft
rename to files/nftables/inet-filter.nft
index e5c8c54fcf2a6b7a21c12a02bdce31a067d8f365..7be447fd4df5fc8fcf605a03ec1cb3a43f05fcb8 100755 (executable)
--- a/files/examples/inet-filter.nft
+++ b/files/nftables/inet-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table inet filter {
        chain input             { type filter hook input priority 0; }

diff --git a/files/examples/ipv4-filter.nft b/files/nftables/ipv4-filter.nft
similarity index 90%
rename from files/examples/ipv4-filter.nft
rename to files/nftables/ipv4-filter.nft
index 73b11bc9cd9a56c64ed08e4fd773123989f2700c..51c060f62cf42b13c9a041b63fec3aec6d498ba5 100755 (executable)
--- a/files/examples/ipv4-filter.nft
+++ b/files/nftables/ipv4-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table filter {
        chain input             { type filter hook input priority 0; }

diff --git a/files/examples/ipv4-mangle.nft b/files/nftables/ipv4-mangle.nft
similarity index 79%
rename from files/examples/ipv4-mangle.nft
rename to files/nftables/ipv4-mangle.nft
index 2827ddfacea4f6fa5b5214dfaf0472416a860027..dba8888c06adf6835b68482f77e58c27ac77ccbe 100755 (executable)
--- a/files/examples/ipv4-mangle.nft
+++ b/files/nftables/ipv4-mangle.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table mangle {
        chain output            { type route hook output priority -150; }

diff --git a/files/examples/ipv4-nat.nft b/files/nftables/ipv4-nat.nft
similarity index 92%
rename from files/examples/ipv4-nat.nft
rename to files/nftables/ipv4-nat.nft
index fd3bb40cfcb8aa05eee737c64b92c897482773cd..6754e5eede6a569ccc7e39406cadeb489bb525f9 100755 (executable)
--- a/files/examples/ipv4-nat.nft
+++ b/files/nftables/ipv4-nat.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table nat {
        chain prerouting        { type nat hook prerouting priority -100; }

diff --git a/files/examples/ipv4-raw.nft b/files/nftables/ipv4-raw.nft
similarity index 87%
rename from files/examples/ipv4-raw.nft
rename to files/nftables/ipv4-raw.nft
index 91fc138b145db706ca916285947b49d8ac713d67..c3fed1919cfbacff903266a9bfbfb99f3f08fabf 100755 (executable)
--- a/files/examples/ipv4-raw.nft
+++ b/files/nftables/ipv4-raw.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table raw {
        chain prerouting        { type filter hook prerouting priority -300; }

diff --git a/files/examples/ipv6-filter.nft b/files/nftables/ipv6-filter.nft
similarity index 90%
rename from files/examples/ipv6-filter.nft
rename to files/nftables/ipv6-filter.nft
index 21f06a3894d6cf579216939d946e82be60a00fcd..266bed365671bec5b3134e67ce5828bcbcc3f208 100755 (executable)
--- a/files/examples/ipv6-filter.nft
+++ b/files/nftables/ipv6-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table ip6 filter {
        chain input             { type filter hook input priority 0; }

diff --git a/files/examples/ipv6-mangle.nft b/files/nftables/ipv6-mangle.nft
similarity index 80%
rename from files/examples/ipv6-mangle.nft
rename to files/nftables/ipv6-mangle.nft
index e92dbef62480aece4c3d17a14880684fcc45e708..6b3e20dcd458a9d2811c6753c5378662aebe2fe9 100755 (executable)
--- a/files/examples/ipv6-mangle.nft
+++ b/files/nftables/ipv6-mangle.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table ip6 mangle {
        chain output            { type route hook output priority -150; }

diff --git a/files/examples/ipv6-nat.nft b/files/nftables/ipv6-nat.nft
similarity index 93%
rename from files/examples/ipv6-nat.nft
rename to files/nftables/ipv6-nat.nft
index 7437c19367c8e2eff637a82e6cba3ab84c0ad9af..ce0391df2475605ebdca73c42b1e767d439428fb 100755 (executable)
--- a/files/examples/ipv6-nat.nft
+++ b/files/nftables/ipv6-nat.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table ip6 nat {
        chain prerouting        { type nat hook prerouting priority -100; }

diff --git a/files/examples/ipv6-raw.nft b/files/nftables/ipv6-raw.nft
similarity index 88%
rename from files/examples/ipv6-raw.nft
rename to files/nftables/ipv6-raw.nft
index 812703aab6c9120ad5e81a5c45610232b4b0540e..504fb3e5c851b327e03a5a4087a02c0c354d1a93 100755 (executable)
--- a/files/examples/ipv6-raw.nft
+++ b/files/nftables/ipv6-raw.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 
 table ip6 raw {
        chain prerouting        { type filter hook prerouting priority -300; }