This is a configuration and so should be stored in /etc. Also, nftables
format is very well suited for hand-written firewall configuration, not
just for dumping current rules managed manually by the nft tool or generated
by some shell script.
However, to be consistent with the iptables package, I kept save_on_stop
enabled by default.
- Tidy up panic function to a single inet (combined ip and ipv6) table.
- Use policy drop for each chain in the panic function instead of a drop rule. This way a user could manually add in rules later allowing explicit access.
- Instead of a clear function, include 'flush ruleset' in the output of the save function. This way loading the saved rulesets is fully atomic, instead of two commands.
- Stop is the only function that needs to be able to flush ruleset, so run 'nft flush ruleset' directly, and remove the clear function.
Updating main/nftables init script. Based on the newer Gentoo init script: https://gitweb.gentoo.org/repo/gentoo.git/tree/net-firewall/nftables/files/nftables.init-r2. Merged nftables.sh from Gentoo's version into the init script itself, and removed the legacy functionality. Adding descriptions for each action as well.
Since Linux 3.18 the elaborate clear logic is no longer needed. Replace
it with the safer:
nft flush ruleset