nftables releases until 0.8.2 included base skeleton hooks that were installed into /etc/nftables (sysconfdir). With 0.8.3 and newer these files were moved to the documentation area but apparently some users expect them to be there. Resurrect them. 
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
Arturo, I know you don't like it but several users complained about this. I've kept the 'nft' extension in place and renamed families_and_hooks to all-in-one. Only the skeletons are restored, examples rulesets remain where they are.
 Makefile.am | 1 +
 configure.ac | 2 ++
 files/Makefile.am | 1 +
 files/nftables/Makefile.am | 16 ++++++++++++++++
 .../families_and_hooks.nft => nftables/all-in-one.nft} | 8 ++++++--
 files/{examples => nftables}/arp-filter.nft | 2 +-
 files/{examples => nftables}/bridge-filter.nft | 2 +-
 files/{examples => nftables}/inet-filter.nft | 2 +-
 files/{examples => nftables}/ipv4-filter.nft | 2 +-
 files/{examples => nftables}/ipv4-mangle.nft | 2 +-
 files/{examples => nftables}/ipv4-nat.nft | 2 +-
 files/{examples => nftables}/ipv4-raw.nft | 2 +-
 files/{examples => nftables}/ipv6-filter.nft | 2 +-
 files/{examples => nftables}/ipv6-mangle.nft | 2 +-
 files/{examples => nftables}/ipv6-nat.nft | 2 +-
 files/{examples => nftables}/ipv6-raw.nft | 2 +-
 16 files changed, 37 insertions(+), 13 deletions(-)
 create mode 100644 files/Makefile.am
 create mode 100644 files/nftables/Makefile.am
 rename files/{examples/families_and_hooks.nft => nftables/all-in-one.nft} (88%)
 rename files/{examples => nftables}/arp-filter.nft (87%)
 rename files/{examples => nftables}/bridge-filter.nft (91%)
 rename files/{examples => nftables}/inet-filter.nft (90%)
 rename files/{examples => nftables}/ipv4-filter.nft (90%)
 rename files/{examples => nftables}/ipv4-mangle.nft (79%)
 rename files/{examples => nftables}/ipv4-nat.nft (92%)
 rename files/{examples => nftables}/ipv4-raw.nft (87%)
 rename files/{examples => nftables}/ipv6-filter.nft (90%)
 rename files/{examples => nftables}/ipv6-mangle.nft (80%)
 rename files/{examples => nftables}/ipv6-nat.nft (93%)
 rename files/{examples => nftables}/ipv6-raw.nft (88%)
diff --git a/Makefile.am b/Makefile.am
index 1201ca78e4f1..09664c3ecda6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,6 +2,7 @@ ACLOCAL_AMFLAGS = -I m4
 SUBDIRS = src \
 include \
+ files \
 doc
 EXTRA_DIST = tests \
diff --git a/configure.ac b/configure.ac
index 249657793646..d7522569aff9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -119,6 +119,8 @@ AC_CONFIG_FILES([ \
 include/linux/netfilter_bridge/Makefile \
 include/linux/netfilter_ipv4/Makefile \
 include/linux/netfilter_ipv6/Makefile \
+ files/Makefile \
+ files/nftables/Makefile \
 doc/Makefile \
 ])
 AC_OUTPUT
diff --git a/files/Makefile.am b/files/Makefile.am
new file mode 100644
index 000000000000..a8394c069cfd
--- /dev/null
+++ b/files/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = nftables
diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am
new file mode 100644
index 000000000000..43e30281988b
--- /dev/null
+++ b/files/nftables/Makefile.am
@@ -0,0 +1,16 @@
+pkgsysconfdir = ${sysconfdir}/nftables
+dist_pkgsysconf_DATA = all-in-one.nft \
+ arp-filter.nft \
+ bridge-filter.nft \
+ inet-filter.nft \
+ ipv4-filter.nft \
+ ipv4-mangle.nft \
+ ipv4-nat.nft \
+ ipv4-raw.nft \
+ ipv6-filter.nft \
+ ipv6-mangle.nft \
+ ipv6-nat.nft \
+ ipv6-raw.nft
+
+install-data-hook:
+ ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*
diff --git a/files/examples/families_and_hooks.nft b/files/nftables/all-in-one.nft
similarity index 88%
rename from files/examples/families_and_hooks.nft
rename to files/nftables/all-in-one.nft
index e6d9ee23b17c..4ccc043259c1 100755
--- a/files/examples/families_and_hooks.nft
+++ b/files/nftables/all-in-one.nft
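Review bot: The `install-data-hook` in files/nftables/Makefile.am runs `${SED} -i` over `${DESTDIR}${pkgsysconfdir}/*`, so it edits every file found in that directory, not only the twelve skeletons this package installs. On an install without DESTDIR that directory is the live /etc/nftables, where an administrator's own rulesets may already sit; they would be rewritten in place as well, and depending on the sed implementation a symlinked file may be replaced by a regular one. I would restrict the hook to the installed list, e.g. `cd ${DESTDIR}${pkgsysconfdir} && ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${dist_pkgsysconf_DATA}`. Separately, `dist_pkgsysconf_DATA` replaces same-named files on every `make install`, so a locally edited skeleton is silently overwritten; a comment saying so above the variable would help packagers.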
@@ -1,10 +1,14 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 # Here is an example of different families, hooks and priorities in the
 # nftables framework, all mixed together.
-# This script is mean to be loaded with `nft -f <file>`
+#
+# more examples are located in files/examples in nftables source.
 # For up-to-date information please visit https://wiki.nftables.org
+#
+# This script is mean to be loaded with `nft -f <file>`
+# clear all prior state
 flush ruleset
 # native dual stack IPv4 & IPv6 family
diff --git a/files/examples/arp-filter.nft b/files/nftables/arp-filter.nft
similarity index 87%
rename from files/examples/arp-filter.nft
rename to files/nftables/arp-filter.nft
index 13166bda925e..8a350b1eba8a 100755
--- a/files/examples/arp-filter.nft
+++ b/files/nftables/arp-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table arp filter {
 chain input { type filter hook input priority 0; }
diff --git a/files/examples/bridge-filter.nft b/files/nftables/bridge-filter.nft
similarity index 91%
rename from files/examples/bridge-filter.nft
rename to files/nftables/bridge-filter.nft
index 7e3cad4085db..93efe8642301 100755
--- a/files/examples/bridge-filter.nft
+++ b/files/nftables/bridge-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table bridge filter {
 chain input { type filter hook input priority -200; }
diff --git a/files/examples/inet-filter.nft b/files/nftables/inet-filter.nft
similarity index 90%
rename from files/examples/inet-filter.nft
rename to files/nftables/inet-filter.nft
index e5c8c54fcf2a..7be447fd4df5 100755
--- a/files/examples/inet-filter.nft
+++ b/files/nftables/inet-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table inet filter {
 chain input { type filter hook input priority 0; }
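Review bot: The header comment of all-in-one.nft, which this commit installs under sysconfdir, does not say that loading the file is destructive: `flush ruleset` removes every table currently loaded, and the sibling skeletons visible in this patch declare base chains with no policy and no rules. Files placed in /etc/nftables are likely to be loaded as they are, so I would expand the new `# clear all prior state` line to something like `# WARNING: 'flush ruleset' drops the entire running ruleset, including tables created by other tools; add your own rules below before loading this on a live host`. The re-added line `# This script is mean to be loaded` also carries over the typo "mean" for "meant". The remainder of the file lies outside the hunk, so whether its chains set an explicit policy cannot be confirmed from here.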
diff --git a/files/examples/ipv4-filter.nft b/files/nftables/ipv4-filter.nft
similarity index 90%
rename from files/examples/ipv4-filter.nft
rename to files/nftables/ipv4-filter.nft
index 73b11bc9cd9a..51c060f62cf4 100755
--- a/files/examples/ipv4-filter.nft
+++ b/files/nftables/ipv4-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table filter {
 chain input { type filter hook input priority 0; }
diff --git a/files/examples/ipv4-mangle.nft b/files/nftables/ipv4-mangle.nft
similarity index 79%
rename from files/examples/ipv4-mangle.nft
rename to files/nftables/ipv4-mangle.nft
index 2827ddfacea4..dba8888c06ad 100755
--- a/files/examples/ipv4-mangle.nft
+++ b/files/nftables/ipv4-mangle.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table mangle {
 chain output { type route hook output priority -150; }
diff --git a/files/examples/ipv4-nat.nft b/files/nftables/ipv4-nat.nft
similarity index 92%
rename from files/examples/ipv4-nat.nft
rename to files/nftables/ipv4-nat.nft
index fd3bb40cfcb8..6754e5eede6a 100755
--- a/files/examples/ipv4-nat.nft
+++ b/files/nftables/ipv4-nat.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table nat {
 chain prerouting { type nat hook prerouting priority -100; }
diff --git a/files/examples/ipv4-raw.nft b/files/nftables/ipv4-raw.nft
similarity index 87%
rename from files/examples/ipv4-raw.nft
rename to files/nftables/ipv4-raw.nft
index 91fc138b145d..c3fed1919cfb 100755
--- a/files/examples/ipv4-raw.nft
+++ b/files/nftables/ipv4-raw.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table raw {
 chain prerouting { type filter hook prerouting priority -300; }
diff --git a/files/examples/ipv6-filter.nft b/files/nftables/ipv6-filter.nft
similarity index 90%
rename from files/examples/ipv6-filter.nft
rename to files/nftables/ipv6-filter.nft
index 21f06a3894d6..266bed365671 100755
--- a/files/examples/ipv6-filter.nft
+++ b/files/nftables/ipv6-filter.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table ip6 filter {
 chain input { type filter hook input priority 0; }
diff --git a/files/examples/ipv6-mangle.nft b/files/nftables/ipv6-mangle.nft
similarity index 80%
rename from files/examples/ipv6-mangle.nft
rename to files/nftables/ipv6-mangle.nft
index e92dbef62480..6b3e20dcd458 100755
--- a/files/examples/ipv6-mangle.nft
+++ b/files/nftables/ipv6-mangle.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table ip6 mangle {
 chain output { type route hook output priority -150; }
diff --git a/files/examples/ipv6-nat.nft b/files/nftables/ipv6-nat.nft
similarity index 93%
rename from files/examples/ipv6-nat.nft
rename to files/nftables/ipv6-nat.nft
index 7437c19367c8..ce0391df2475 100755
--- a/files/examples/ipv6-nat.nft
+++ b/files/nftables/ipv6-nat.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table ip6 nat {
 chain prerouting { type nat hook prerouting priority -100; }
diff --git a/files/examples/ipv6-raw.nft b/files/nftables/ipv6-raw.nft
similarity index 88%
rename from files/examples/ipv6-raw.nft
rename to files/nftables/ipv6-raw.nft
index 812703aab6c9..504fb3e5c851 100755
--- a/files/examples/ipv6-raw.nft
+++ b/files/nftables/ipv6-raw.nft
@@ -1,4 +1,4 @@
-#!/usr/sbin/nft -f
+#!@sbindir@nft -f
 table ip6 raw {
 chain prerouting { type filter hook prerouting priority -300; }
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html