Compare commits
No commits in common. "be6c7c041824d9084ba1a7ebf776a3f181cd4362" and "eb62a3f4c83201188df9d729a86e6b5cd1f4274e" have entirely different histories.
be6c7c0418
...
eb62a3f4c8
|
@ -3,14 +3,9 @@
|
||||||
|
|
||||||
. ../../APKBUILD.template
|
. ../../APKBUILD.template
|
||||||
|
|
||||||
pkgrel=3
|
pkgrel=0
|
||||||
pkgdesc="Basic generic nftables template"
|
pkgdesc="Basic generic nftables template"
|
||||||
options="!check" # check requires root?
|
options="!check" # check requires root?
|
||||||
subpackages=""
|
|
||||||
|
|
||||||
for i in "$startdir"/nft/inet/nnd-base/*/*/*/*; do
|
|
||||||
subpackages="$subpackages $pkgname-$(echo "${i##*/nft/inet/nnd-base/}" | sed 's/\//-/g'):_mod"
|
|
||||||
done
|
|
||||||
|
|
||||||
check() {
|
check() {
|
||||||
msg "Checking if commands are valid"
|
msg "Checking if commands are valid"
|
||||||
|
@ -27,8 +22,3 @@ package() {
|
||||||
mkdir -p "$pkgdir"/etc/nnd
|
mkdir -p "$pkgdir"/etc/nnd
|
||||||
cp -r "$builddir"/nft "$pkgdir"/etc/nnd/nftables
|
cp -r "$builddir"/nft "$pkgdir"/etc/nnd/nftables
|
||||||
}
|
}
|
||||||
|
|
||||||
_mod() {
|
|
||||||
local _modname="${subpkgname##$pkgname-}"
|
|
||||||
amove etc/nnd/nftables/inet/nnd-base/"$(echo $_modname | sed 's/-/\//g')"
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
include "inet/nnd-base/filter/input/ct/*";
|
|
||||||
include "inet/nnd-base/filter/input/icmp/*";
|
|
||||||
include "inet/nnd-base/filter/input/iface/*";
|
|
||||||
include "inet/nnd-base/filter/input/udp/*";
|
|
||||||
include "inet/nnd-base/filter/input/tcp/*";
|
|
|
@ -1 +0,0 @@
|
||||||
ct state established accept;
|
|
|
@ -1 +0,0 @@
|
||||||
ct state invalid counter drop;
|
|
|
@ -1 +0,0 @@
|
||||||
ct state related accept;
|
|
|
@ -1 +0,0 @@
|
||||||
ip protocol icmp counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
ip6 nexthdr icmpv6 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
iifname lo accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 10809 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 143 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 22 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 25 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 443 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 465 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 51413 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 53 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 587 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 64738 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 7777 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 80 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 993 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 26000 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 51413 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 51820 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 53 counter accept;
|
|
|
@ -1 +0,0 @@
|
||||||
tcp dport 64783 counter accept;
|
|
|
@ -1,14 +1,17 @@
|
||||||
table inet nnd-base {
|
table inet nnd-base {
|
||||||
chain rxfilter {
|
chain rxfilter {
|
||||||
type filter hook input priority 0;
|
type filter hook input priority 0;
|
||||||
policy drop;
|
policy reject;
|
||||||
|
|
||||||
|
ct state invalid counter drop;
|
||||||
|
icmpx counter accept;
|
||||||
|
|
||||||
include "inet/nnd-base/filter/input/*";
|
include "inet/nnd-base/filter/input/*";
|
||||||
counter reject with icmpx type admin-prohibited;
|
counter reject with icmpx type admin-prohibited;
|
||||||
}
|
}
|
||||||
chain fwfilter {
|
chain fwfilter {
|
||||||
type filter hook forward priority 0;
|
type filter hook forward priority 0;
|
||||||
policy drop;
|
policy reject;
|
||||||
include "inet/nnd-base/filter/forward/*";
|
include "inet/nnd-base/filter/forward/*";
|
||||||
counter reject with icmpx type no-route;
|
counter reject with icmpx type no-route;
|
||||||
}
|
}
|
||||||
|
|
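Review bot: `policy reject;` in both `rxfilter` and `fwfilter` is not a policy nft accepts, since a base chain's policy can only be `accept` or `drop`, so this file will most likely fail to parse and the ruleset will not load at all. Keep `policy drop;` and let the existing final `counter reject with icmpx type …` rule do the rejecting. The added `icmpx counter accept;` looks like the same confusion: as far as I know `icmpx` is only a reject type, not a match, so an inet table needs something like `meta l4proto { icmp, ipv6-icmp } counter accept;`. It is also worth confirming that established/related and loopback accepts still arrive through the `include`, because the per-rule files that carried them are deleted elsewhere in this comparison.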
|
@ -1,11 +1,12 @@
|
||||||
# Contributor: Alex Denes <caskd@redxen.eu>
|
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||||
. ../../APKBUILD.template
|
|
||||||
|
|
||||||
pkgname=nnd-s6-services
|
pkgname=nnd-s6-services
|
||||||
pkgver=1.8
|
pkgver=1.6
|
||||||
pkgrel=0
|
pkgrel=0
|
||||||
pkgdesc="Base services for s6"
|
pkgdesc="Base services for s6"
|
||||||
|
url="none"
|
||||||
|
arch="noarch"
|
||||||
|
license="MIT"
|
||||||
depends="s6-rc s6-portable-utils s6-linux-utils"
|
depends="s6-rc s6-portable-utils s6-linux-utils"
|
||||||
builddir="$srcdir/"
|
builddir="$srcdir/"
|
||||||
_distpfx="etc/s6/dist"
|
_distpfx="etc/s6/dist"
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
/etc/nnd/nftables/
|
|
|
@ -1 +0,0 @@
|
||||||
/etc/nnd/nftables/loadall
|
|
|
@ -60,7 +60,7 @@ distdefs() {
|
||||||
for cdir in "$SDIR"/*; do
|
for cdir in "$SDIR"/*; do
|
||||||
local srv="${cdir##*/}"
|
local srv="${cdir##*/}"
|
||||||
local dsv="$DPATH/$srv"
|
local dsv="$DPATH/$srv"
|
||||||
if [ ! -e "$dsv" ]; then
|
if [ ! -d "$dsv" ]; then
|
||||||
ln -sv "$cdir" "$dsv" || ERR="$?" error "Failed to create reference"
|
ln -sv "$cdir" "$dsv" || ERR="$?" error "Failed to create reference"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
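Review bot: With `[ ! -d "$dsv" ]`, a regular file or a dangling symlink already present at `$dsv` enters the branch, where `ln -sv` fails with "File exists" and trips `error`. Conversely, a symlink that resolves to any directory, not necessarily `$cdir`, is silently kept as the service definition. If the intent is "create only when nothing is there", `if [ ! -e "$dsv" ] && [ ! -L "$dsv" ]; then` covers dangling links too. If stale entries should be replaced, do that explicitly and add a short comment saying which behaviour is wanted. The loop body is all the hunk shows; `distdefs` starts and ends outside it.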
|
|
@ -1,14 +1,12 @@
|
||||||
#!/bin/execlineb -P
|
#!/bin/execlineb -P
|
||||||
s6-envdir -i /etc/s6/env/path
|
s6-envdir -i /etc/s6/env/path
|
||||||
importas -i PATH PATH
|
importas -i PATH PATH
|
||||||
s6-envdir -i /etc/s6/env/nftables
|
|
||||||
importas -i RULESET RULESET
|
|
||||||
importas -i RULEDIR RULEDIR
|
|
||||||
emptyenv
|
emptyenv
|
||||||
|
|
||||||
export PATH $PATH
|
export PATH $PATH
|
||||||
|
define RULESET /etc/nftables/core.nft
|
||||||
|
|
||||||
fdclose 1
|
fdclose 1
|
||||||
fdclose 2
|
fdclose 2
|
||||||
|
|
||||||
exec nft -I $RULEDIR -f $RULESET
|
exec nft -f ${RULESET}
|
||||||
|
|
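Review bot: Dropping `-I $RULEDIR` from the final `exec nft` line means the relative `include "inet/nnd-base/…"` statements in the ruleset are resolved against nft's built-in include directory. A wildcard include that matches nothing is not reported as an error, so the filter could load without any of the per-service rules. Because `fdclose 2` runs just before, a parse failure or a missing `/etc/nftables/core.nft` also leaves no trace in the service log. The hard-coded path also differs from the `/etc/nnd/nftables` tree that the package step elsewhere in this comparison installs, so confirm which location is meant. I would keep the include path explicit, e.g. `define RULEDIR /etc/nftables` and `exec nft -I ${RULEDIR} -f ${RULESET}`, and leave stderr open so a failed load is visible.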