main/nnd-nft/APKBUILD

@@ -3,14 +3,9 @@
 
 . ../../APKBUILD.template
 
-pkgrel=3
+pkgrel=0
 pkgdesc="Basic generic nftables template"
 options="!check" # check requires root?
-subpackages=""
-
-for i in "$startdir"/nft/inet/nnd-base/*/*/*/*; do
-	subpackages="$subpackages $pkgname-$(echo "${i##*/nft/inet/nnd-base/}" | sed 's/\//-/g'):_mod"
-done
 
 check() {
 	msg "Checking if commands are valid"
@@ -27,8 +22,3 @@ package() {
 	mkdir -p "$pkgdir"/etc/nnd
 	cp -r "$builddir"/nft "$pkgdir"/etc/nnd/nftables
 }
-
-_mod() {
-	local _modname="${subpkgname##$pkgname-}"
-	amove etc/nnd/nftables/inet/nnd-base/"$(echo $_modname | sed 's/-/\//g')"
-}

main/nnd-nft/nft/inet/nnd-base/filter/input/all

@@ -1,5 +0,0 @@
-include "inet/nnd-base/filter/input/ct/*";
-include "inet/nnd-base/filter/input/icmp/*";
-include "inet/nnd-base/filter/input/iface/*";
-include "inet/nnd-base/filter/input/udp/*";
-include "inet/nnd-base/filter/input/tcp/*";

main/nnd-nft/nft/inet/nnd-base/filter/input/ct/established

@@ -1 +0,0 @@
-ct state established accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/ct/invalid

@@ -1 +0,0 @@
-ct state invalid counter drop;

main/nnd-nft/nft/inet/nnd-base/filter/input/ct/related

@@ -1 +0,0 @@
-ct state related accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/icmp/v4

@@ -1 +0,0 @@
-ip protocol icmp counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/icmp/v6

@@ -1 +0,0 @@
-ip6 nexthdr icmpv6 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/iface/lo

@@ -1 +0,0 @@
-iifname lo accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/10809

@@ -1 +0,0 @@
-tcp dport 10809 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/143

@@ -1 +0,0 @@
-tcp dport 143 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/22

@@ -1 +0,0 @@
-tcp dport 22 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/25

@@ -1 +0,0 @@
-tcp dport 25 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/443

@@ -1 +0,0 @@
-tcp dport 443 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/465

@@ -1 +0,0 @@
-tcp dport 465 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/51413

@@ -1 +0,0 @@
-tcp dport 51413 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/53

@@ -1 +0,0 @@
-tcp dport 53 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/587

@@ -1 +0,0 @@
-tcp dport 587 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/64738

@@ -1 +0,0 @@
-tcp dport 64738 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/7777

@@ -1 +0,0 @@
-tcp dport 7777 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/80

@@ -1 +0,0 @@
-tcp dport 80 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/993

@@ -1 +0,0 @@
-tcp dport 993 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/udp/26000

@@ -1 +0,0 @@
-tcp dport 26000 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/udp/51413

@@ -1 +0,0 @@
-tcp dport 51413 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/udp/51820

@@ -1 +0,0 @@
-tcp dport 51820 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/udp/53

@@ -1 +0,0 @@
-tcp dport 53 counter accept;

main/nnd-nft/nft/inet/nnd-base/filter/input/udp/64783

@@ -1 +0,0 @@
-tcp dport 64783 counter accept;

main/nnd-nft/nft/inet/nnd-base/table

@@ -1,14 +1,17 @@
 table inet nnd-base {
 	chain rxfilter {
 		type filter hook input priority 0;
-		policy drop;
+		policy reject;
+
+		ct state invalid counter drop;
+		icmpx            counter accept;
 
 		include "inet/nnd-base/filter/input/*";
 		counter reject with icmpx type admin-prohibited;
 	}
 	chain fwfilter {
 		type filter hook forward priority 0;
-		policy drop;
+		policy reject;
 		include "inet/nnd-base/filter/forward/*";
 		counter reject with icmpx type no-route;
 	}

main/nnd-s6-services/APKBUILD

@@ -1,11 +1,12 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
-. ../../APKBUILD.template
-
 pkgname=nnd-s6-services
-pkgver=1.8
+pkgver=1.6
 pkgrel=0
 pkgdesc="Base services for s6"
+url="none"
+arch="noarch"
+license="MIT"
 depends="s6-rc s6-portable-utils s6-linux-utils"
 builddir="$srcdir/"
 _distpfx="etc/s6/dist"

main/nnd-s6-services/env/nftables/RULEDIR

@@ -1 +0,0 @@
-/etc/nnd/nftables/

main/nnd-s6-services/env/nftables/RULESET

@@ -1 +0,0 @@
-/etc/nnd/nftables/loadall

main/nnd-s6-services/manage.sh

@@ -60,7 +60,7 @@ distdefs() {
 	for cdir in "$SDIR"/*; do
 		local srv="${cdir##*/}"
 		local dsv="$DPATH/$srv"
-		if [ ! -e "$dsv" ]; then
+		if [ ! -d "$dsv" ]; then
 			ln -sv "$cdir" "$dsv" || ERR="$?" error "Failed to create reference"
 		fi
 	done

main/nnd-s6-services/rc/nftables/up

@@ -1,14 +1,12 @@
 #!/bin/execlineb -P
 s6-envdir -i /etc/s6/env/path
 importas -i PATH PATH
-s6-envdir -i /etc/s6/env/nftables
-importas -i RULESET RULESET
-importas -i RULEDIR RULEDIR
 emptyenv
 
 export PATH $PATH
+define RULESET /etc/nftables/core.nft
 
 fdclose 1
 fdclose 2
 
-exec nft -I $RULEDIR -f $RULESET
+exec nft -f ${RULESET}