Compare commits
No commits in common. "be6c7c041824d9084ba1a7ebf776a3f181cd4362" and "eb62a3f4c83201188df9d729a86e6b5cd1f4274e" have entirely different histories.
be6c7c0418
...
eb62a3f4c8
|
@ -3,14 +3,9 @@
|
|||
|
||||
. ../../APKBUILD.template
|
||||
|
||||
pkgrel=3
|
||||
pkgrel=0
|
||||
pkgdesc="Basic generic nftables template"
|
||||
options="!check" # check requires root?
|
||||
subpackages=""
|
||||
|
||||
for i in "$startdir"/nft/inet/nnd-base/*/*/*/*; do
|
||||
subpackages="$subpackages $pkgname-$(echo "${i##*/nft/inet/nnd-base/}" | sed 's/\//-/g'):_mod"
|
||||
done
|
||||
|
||||
check() {
|
||||
msg "Checking if commands are valid"
|
||||
|
@ -27,8 +22,3 @@ package() {
|
|||
mkdir -p "$pkgdir"/etc/nnd
|
||||
cp -r "$builddir"/nft "$pkgdir"/etc/nnd/nftables
|
||||
}
|
||||
|
||||
_mod() {
|
||||
local _modname="${subpkgname##$pkgname-}"
|
||||
amove etc/nnd/nftables/inet/nnd-base/"$(echo $_modname | sed 's/-/\//g')"
|
||||
}
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
include "inet/nnd-base/filter/input/ct/*";
|
||||
include "inet/nnd-base/filter/input/icmp/*";
|
||||
include "inet/nnd-base/filter/input/iface/*";
|
||||
include "inet/nnd-base/filter/input/udp/*";
|
||||
include "inet/nnd-base/filter/input/tcp/*";
|
|
@ -1 +0,0 @@
|
|||
ct state established accept;
|
|
@ -1 +0,0 @@
|
|||
ct state invalid counter drop;
|
|
@ -1 +0,0 @@
|
|||
ct state related accept;
|
|
@ -1 +0,0 @@
|
|||
ip protocol icmp counter accept;
|
|
@ -1 +0,0 @@
|
|||
ip6 nexthdr icmpv6 counter accept;
|
|
@ -1 +0,0 @@
|
|||
iifname lo accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 10809 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 143 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 22 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 25 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 443 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 465 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 51413 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 53 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 587 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 64738 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 7777 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 80 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 993 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 26000 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 51413 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 51820 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 53 counter accept;
|
|
@ -1 +0,0 @@
|
|||
tcp dport 64783 counter accept;
|
|
@ -1,14 +1,17 @@
|
|||
table inet nnd-base {
|
||||
chain rxfilter {
|
||||
type filter hook input priority 0;
|
||||
policy drop;
|
||||
policy reject;
|
||||
|
||||
ct state invalid counter drop;
|
||||
icmpx counter accept;
|
||||
|
||||
include "inet/nnd-base/filter/input/*";
|
||||
counter reject with icmpx type admin-prohibited;
|
||||
}
|
||||
chain fwfilter {
|
||||
type filter hook forward priority 0;
|
||||
policy drop;
|
||||
policy reject;
|
||||
include "inet/nnd-base/filter/forward/*";
|
||||
counter reject with icmpx type no-route;
|
||||
}
|
||||
|
|
|
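Review bot: `policy reject;` in both `rxfilter` and `fwfilter` is not a chain policy that nft accepts, because a base chain's policy can only be `accept` or `drop`, so this file would presumably fail to parse and the ruleset would not load (this assumes `policy reject;` is the new side, since the +/- markers are lost on this page). The trailing `counter reject with icmpx type admin-prohibited;` and `... no-route;` rules already give the reject behaviour, so both policy lines can stay `policy drop;`. `icmpx counter accept;` also looks doubtful, as `icmpx` is normally only a `reject with` type; `meta l4proto { icmp, ipv6-icmp } counter accept;` would express the same intent. The one-line rule files deleted on this page held `ct state established accept;`, `ct state related accept;` and `iifname lo accept;`, and nothing visible in the chain replaces them before the final reject, so confirm that the files matched by `include "inet/nnd-base/filter/input/*";` still accept that traffic.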
@ -1,11 +1,12 @@
|
|||
# Contributor: Alex Denes <caskd@redxen.eu>
|
||||
# Maintainer: Alex Denes <caskd@redxen.eu>
|
||||
. ../../APKBUILD.template
|
||||
|
||||
pkgname=nnd-s6-services
|
||||
pkgver=1.8
|
||||
pkgver=1.6
|
||||
pkgrel=0
|
||||
pkgdesc="Base services for s6"
|
||||
url="none"
|
||||
arch="noarch"
|
||||
license="MIT"
|
||||
depends="s6-rc s6-portable-utils s6-linux-utils"
|
||||
builddir="$srcdir/"
|
||||
_distpfx="etc/s6/dist"
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
/etc/nnd/nftables/
|
|
@ -1 +0,0 @@
|
|||
/etc/nnd/nftables/loadall
|
|
@ -60,7 +60,7 @@ distdefs() {
|
|||
for cdir in "$SDIR"/*; do
|
||||
local srv="${cdir##*/}"
|
||||
local dsv="$DPATH/$srv"
|
||||
if [ ! -e "$dsv" ]; then
|
||||
if [ ! -d "$dsv" ]; then
|
||||
ln -sv "$cdir" "$dsv" || ERR="$?" error "Failed to create reference"
|
||||
fi
|
||||
done
|
||||
|
|
|
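Review bot: The `[ ! -d "$dsv" ]` test lets any non-directory entry at `$dsv` (a regular file, or a dangling symlink left by a removed service) fall through to `ln -sv "$cdir" "$dsv"`, which fails because `ln` is called without `-f`; this assumes the `-d` line is the new side, since the +/- markers are lost on this page. Checking for any existing entry, including a broken link, makes the outcome explicit: `if [ ! -e "$dsv" ] && [ ! -L "$dsv" ]; then`. If stale links are meant to be replaced rather than skipped, say so in a comment above the test and handle that case separately. The body of `distdefs` starts and ends outside this hunk, so how `error` reacts to the failure cannot be seen here.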
@ -1,14 +1,12 @@
|
|||
#!/bin/execlineb -P
|
||||
s6-envdir -i /etc/s6/env/path
|
||||
importas -i PATH PATH
|
||||
s6-envdir -i /etc/s6/env/nftables
|
||||
importas -i RULESET RULESET
|
||||
importas -i RULEDIR RULEDIR
|
||||
emptyenv
|
||||
|
||||
export PATH $PATH
|
||||
define RULESET /etc/nftables/core.nft
|
||||
|
||||
fdclose 1
|
||||
fdclose 2
|
||||
|
||||
exec nft -I $RULEDIR -f $RULESET
|
||||
exec nft -f ${RULESET}
|
||||
|
|
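Review bot: Dropping `-I $RULEDIR` in the final `exec nft -f ${RULESET}` leaves the ruleset's relative `include "inet/nnd-base/..."` statements to nft's built-in default include directory, and the hard-coded `define RULESET /etc/nftables/core.nft` does not match the `/etc/nnd/nftables` tree that `package()` installs elsewhere on this page, unless another package ships that file. The sides are inferred from the hunk's 14/12 line counts, which only fit if the `s6-envdir`/`importas RULESET`/`importas RULEDIR` lines are removed. nft does not treat a wildcard include with no matches as an error, and `fdclose 1` / `fdclose 2` run just before the load, so a wrong path could load chains without the intended accept rules, or fail outright, with no diagnostic. Consider keeping the include directory explicit, e.g. `exec nft -I /etc/nnd/nftables -f ${RULESET}`, and leaving fd 2 open so a failed firewall load reaches the service log.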