nftables: New package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/common/nftables b/config/rootfiles/common/nftables
new file mode 100644 (file)
index 0000000..cb8a5bb
--- /dev/null
+++ b/config/rootfiles/common/nftables
@@ -0,0 +1,37 @@
+#etc/nftables
+#etc/nftables/osf
+etc/nftables/osf/pf.os
+#usr/include/nftables
+#usr/include/nftables/libnftables.h
+#usr/lib/libnftables.la
+#usr/lib/libnftables.so
+usr/lib/libnftables.so.1
+usr/lib/libnftables.so.1.1.0
+#usr/lib/pkgconfig/libnftables.pc
+usr/sbin/nft
+#usr/share/doc/nftables
+#usr/share/doc/nftables/examples
+#usr/share/doc/nftables/examples/ct_helpers.nft
+#usr/share/doc/nftables/examples/load_balancing.nft
+#usr/share/doc/nftables/examples/secmark.nft
+#usr/share/doc/nftables/examples/sets_and_maps.nft
+#usr/share/doc/nftables/main.nft
+#usr/share/man/man3/libnftables.3
+#usr/share/man/man5/libnftables-json.5
+#usr/share/man/man8/nft.8
+#usr/share/man/man8/nftables.service.8
+#usr/share/nftables
+#usr/share/nftables/all-in-one.nft
+#usr/share/nftables/arp-filter.nft
+#usr/share/nftables/bridge-filter.nft
+#usr/share/nftables/inet-filter.nft
+#usr/share/nftables/inet-nat.nft
+#usr/share/nftables/ipv4-filter.nft
+#usr/share/nftables/ipv4-mangle.nft
+#usr/share/nftables/ipv4-nat.nft
+#usr/share/nftables/ipv4-raw.nft
+#usr/share/nftables/ipv6-filter.nft
+#usr/share/nftables/ipv6-mangle.nft
+#usr/share/nftables/ipv6-nat.nft
+#usr/share/nftables/ipv6-raw.nft
+#usr/share/nftables/netdev-ingress.nft

diff --git a/lfs/nftables b/lfs/nftables
new file mode 100644 (file)
index 0000000..f2d37b8
--- /dev/null
+++ b/lfs/nftables
@@ -0,0 +1,82 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.1.5
+
+THISAPP    = nftables-$(VER)
+DL_FILE    = $(THISAPP).tar.xz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 4c391e316f5c04cffe16a64df60217d74e37ab4f87c614003e2d2f702b8a4fe81c2ca7f42b3429e948078b2b0ecf0ad61b8cc2f7b95384fff9c004bcc3837317
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+       @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && \
+               ./configure \
+                       --prefix=/usr \
+                       --sysconfdir=/etc \
+                       --without-xtables \
+                       --with-json
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)

diff --git a/make.sh b/make.sh
index 6f189615521d22441f80f39d158a11e10de0e90e..b3528cc13bb284bf5145109d6de43ebf8b4f90ed 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -1550,6 +1550,7 @@ build_system() {
        lfsmake2 libnetfilter_cthelper
        lfsmake2 libnetfilter_cttimeout
        lfsmake2 libnftnl
+       lfsmake2 nftables
        lfsmake2 iptables
        lfsmake2 iproute2
        lfsmake2 screen