| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a configuration and so should be stored in /etc. Also nftables
format is very well suited for hand-written firewall configuration, not
just for dumping current rules managed manually by ntf tool or generated
by some shell script.
However, to be consistent with iptables package, I kept save_on_stop
enabled by default.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit updates $license variable in all APKBUILDs to comply with
short names specified by SPDX version 3.0 [1] where possible. It was
done using find-and-replace method on substrings inside $license
variables.
Only license names were updated, not "expressions" specifying relation
between the licenses (e.g. "X and Y", "X or Y", "X and (Y or Z)") or
exceptions (e.g. "X with exceptions").
Many licenses have a version or multiple variants, e.g. MPL-2.0,
BSD-2-Clause, BSD-3-Clause. However, $license in many aports do not
contain license version or variant. Since there's no way how to infer
this information just from abuild, it were left without the variant
suffix or version, i.e. non SPDX compliant.
GNU licenses (AGPL, GFDL, GPL, LGPL) are especially complicated. They
exist in two variants: -only (formerly e.g. GPL-2.0) and -or-later
(formerly e.g. GPL-2.0+). We did not systematically noted distinguish
between these variants, so GPL-2.0, GPL2, GPLv2 etc. may mean
GPL-2.0-only or GPL-2.0-or-later. Thus GNU licenses without "+" (e.g.
GPL2+) were left without the variant suffix, i.e. non SPDX compliant.
Note: This commit just fixes format of the license names, no
verification has been done if the specified license information is
actually correct!
[1]: https://spdx.org/licenses/
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
- Tidy up panic function to a single inet (combined ip and ipv6) table.
- Use policy drop for each chain in the panic function instead of a drop rule. This way a user could manually add in rules later allowing explicit access.
- Instead of a clear function, include 'flush ruleset' in the output of the save function. This way loading the saved rulesets is fully atomic, instead of two commands.
- Stop is the only function that needs to be able to flush ruleset, so run 'nft flush ruleset' directly, and remove the clear function.
|
|
|
|
| |
Updating main/nftables init script. Based on the newer Gentoo init script: https://gitweb.gentoo.org/repo/gentoo.git/tree/net-firewall/nftables/files/nftables.init-r2. Merged nftables.sh from Gentoo's version into the init script itself, and removed the legacy functionality. Adding descriptions for each action as well.
|
|
|
|
|
| |
This conforms to wiki documentation regarding package creation:
http://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package#license
|
| |
|
|
Since linux 3.18 the elaborate clear logic is no longer needed. Replace
it with the safer:
nft flush ruleset
|