bundles/nftables: store rules in dedicated files instead of nftables.conf

This commit is contained in:
Franzi 2021-12-14 14:03:13 +01:00
parent 1742f51778
commit 0101e0c92d
Signed by: kunsi
GPG key ID: 12E3D2136B818350
11 changed files with 77 additions and 102 deletions


@ -19,14 +19,6 @@ table inet filter {
ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept
% for ruleset, rules in sorted(node.metadata.get('nftables/rules/input', {}).items()):
# ${ruleset}
% for rule in rules:
${rule}
% endfor
# / ${ruleset}
% endfor
}
chain output {
@ -40,32 +32,15 @@ table inet filter {
icmp type timestamp-request drop
icmp type timestamp-reply drop
% for ruleset, rules in sorted(node.metadata.get('nftables/rules/forward', {}).items()):
# ${ruleset}
% for rule in rules:
${rule}
% endfor
# / ${ruleset}
% endfor
}
}
table nat {
chain prerouting {
type nat hook prerouting priority -100
% for rule in sorted(node.metadata.get('nftables/rules/nat_prerouting', [])):
${rule}
% endfor
}
chain postrouting {
type nat hook postrouting priority 100
% for rule in sorted(node.metadata.get('nftables/rules/nat_postrouting', [])):
${rule}
% endfor
}
}