files: Drop shebangs from config files

These are not meant to be executed as is but instead loaded via
'nft -f' - all-in-one.nft even points this out in header comment.
While being at it, drop two spelling mistakes found along the way.

Consequently remove executable bits - being registered in automake as
dist_pkgsysconf_DATA, they're changed to 644 upon installation anyway.

Also there is obviously no need for replacement of nft binary path
anymore, drop that bit from Makefile.am.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
index 2a511cd1729c1870b22df6a4a951fb0f6ac20473..fc8b94eac1d011fb8d9564f5c4a223c060c203a9 100644 (file)
--- a/files/nftables/Makefile.am
+++ b/files/nftables/Makefile.am
@@ -13,6 +13,3 @@ dist_pkgsysconf_DATA =        all-in-one.nft          \
                        ipv6-nat.nft            \
                        ipv6-raw.nft            \
                        netdev-ingress.nft
-
-install-data-hook:
-       ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*.nft

diff --git a/files/nftables/all-in-one.nft b/files/nftables/all-in-one.nft
old mode 100755 (executable)
new mode 100644 (file)
index d3aa7f3..15ac22e
--- a/files/nftables/all-in-one.nft
+++ b/files/nftables/all-in-one.nft
@@ -1,12 +1,10 @@
-#!@sbindir@nft -f
-
 # Here is an example of different families, hooks and priorities in the
 # nftables framework, all mixed together.
 #
 # more examples are located in files/examples in nftables source.
 # For up-to-date information please visit https://wiki.nftables.org
 #
-# This script is mean to be loaded with `nft -f <file>`
+# This script is meant to be loaded with `nft -f <file>`
 
 # clear all prior state
 flush ruleset

diff --git a/files/nftables/arp-filter.nft b/files/nftables/arp-filter.nft
old mode 100755 (executable)
new mode 100644 (file)
index 8a350b1..6e4c624
--- a/files/nftables/arp-filter.nft
+++ b/files/nftables/arp-filter.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table arp filter {
        chain input             { type filter hook input priority 0; }
        chain output            { type filter hook output priority 0; }

diff --git a/files/nftables/bridge-filter.nft b/files/nftables/bridge-filter.nft
old mode 100755 (executable)
new mode 100644 (file)
index 93efe86..f071205
--- a/files/nftables/bridge-filter.nft
+++ b/files/nftables/bridge-filter.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table bridge filter {
        chain input             { type filter hook input priority -200; }
        chain forward           { type filter hook forward priority -200; }

diff --git a/files/nftables/inet-filter.nft b/files/nftables/inet-filter.nft
old mode 100755 (executable)
new mode 100644 (file)
index 7be447f..bfe43b4
--- a/files/nftables/inet-filter.nft
+++ b/files/nftables/inet-filter.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table inet filter {
        chain input             { type filter hook input priority 0; }
        chain forward           { type filter hook forward priority 0; }

diff --git a/files/nftables/inet-nat.nft b/files/nftables/inet-nat.nft
old mode 100755 (executable)
new mode 100644 (file)
index 52fcdb5..babd7f0
--- a/files/nftables/inet-nat.nft
+++ b/files/nftables/inet-nat.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table inet nat {
        chain prerouting        { type nat hook prerouting priority -100; }
        chain input             { type nat hook input priority 100; }

diff --git a/files/nftables/ipv4-filter.nft b/files/nftables/ipv4-filter.nft
old mode 100755 (executable)
new mode 100644 (file)
index 51c060f..ab62024
--- a/files/nftables/ipv4-filter.nft
+++ b/files/nftables/ipv4-filter.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table filter {
        chain input             { type filter hook input priority 0; }
        chain forward           { type filter hook forward priority 0; }

diff --git a/files/nftables/ipv4-mangle.nft b/files/nftables/ipv4-mangle.nft
old mode 100755 (executable)
new mode 100644 (file)
index dba8888..07da5bd
--- a/files/nftables/ipv4-mangle.nft
+++ b/files/nftables/ipv4-mangle.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table mangle {
        chain output            { type route hook output priority -150; }
 }

diff --git a/files/nftables/ipv4-nat.nft b/files/nftables/ipv4-nat.nft
old mode 100755 (executable)
new mode 100644 (file)
index 6754e5e..2c9ce7c
--- a/files/nftables/ipv4-nat.nft
+++ b/files/nftables/ipv4-nat.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table nat {
        chain prerouting        { type nat hook prerouting priority -100; }
        chain input             { type nat hook input priority 100; }

diff --git a/files/nftables/ipv4-raw.nft b/files/nftables/ipv4-raw.nft
old mode 100755 (executable)
new mode 100644 (file)
index c3fed19..2318e87
--- a/files/nftables/ipv4-raw.nft
+++ b/files/nftables/ipv4-raw.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table raw {
        chain prerouting        { type filter hook prerouting priority -300; }
        chain output            { type filter hook output priority -300; }

diff --git a/files/nftables/ipv6-filter.nft b/files/nftables/ipv6-filter.nft
old mode 100755 (executable)
new mode 100644 (file)
index 266bed3..383d075
--- a/files/nftables/ipv6-filter.nft
+++ b/files/nftables/ipv6-filter.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table ip6 filter {
        chain input             { type filter hook input priority 0; }
        chain forward           { type filter hook forward priority 0; }

diff --git a/files/nftables/ipv6-mangle.nft b/files/nftables/ipv6-mangle.nft
old mode 100755 (executable)
new mode 100644 (file)
index 6b3e20d..88c51e5
--- a/files/nftables/ipv6-mangle.nft
+++ b/files/nftables/ipv6-mangle.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table ip6 mangle {
        chain output            { type route hook output priority -150; }
 }

diff --git a/files/nftables/ipv6-nat.nft b/files/nftables/ipv6-nat.nft
old mode 100755 (executable)
new mode 100644 (file)
index ce0391d..6a356f1
--- a/files/nftables/ipv6-nat.nft
+++ b/files/nftables/ipv6-nat.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table ip6 nat {
        chain prerouting        { type nat hook prerouting priority -100; }
        chain input             { type nat hook input priority 100; }

diff --git a/files/nftables/ipv6-raw.nft b/files/nftables/ipv6-raw.nft
old mode 100755 (executable)
new mode 100644 (file)
index 504fb3e..f92668b
--- a/files/nftables/ipv6-raw.nft
+++ b/files/nftables/ipv6-raw.nft
@@ -1,5 +1,3 @@
-#!@sbindir@nft -f
-
 table ip6 raw {
        chain prerouting        { type filter hook prerouting priority -300; }
        chain output            { type filter hook output priority -300; }

diff --git a/files/nftables/netdev-ingress.nft b/files/nftables/netdev-ingress.nft
old mode 100755 (executable)
new mode 100644 (file)
index 9e46b15..3ed881a
--- a/files/nftables/netdev-ingress.nft
+++ b/files/nftables/netdev-ingress.nft
@@ -1,6 +1,4 @@
-#!@sbindir@nft -f
-
-# mind the NIC, it must exists
+# mind the NIC, it must exist
 table netdev filter {
         chain loinput { type filter hook ingress device lo priority 0; }
 }