Date: Thursday, August 19, 2021 @ 22:07:36 Author: seblu Revision: 422383
archrelease: copy trunk to extra-x86_64 Added: nftables/repos/extra-x86_64/PKGBUILD (from rev 422382, nftables/trunk/PKGBUILD) nftables/repos/extra-x86_64/nftables.conf (from rev 422382, nftables/trunk/nftables.conf) nftables/repos/extra-x86_64/nftables.install (from rev 422382, nftables/trunk/nftables.install) nftables/repos/extra-x86_64/nftables.service (from rev 422382, nftables/trunk/nftables.service) Deleted: nftables/repos/extra-x86_64/PKGBUILD nftables/repos/extra-x86_64/nftables.conf nftables/repos/extra-x86_64/nftables.install nftables/repos/extra-x86_64/nftables.service ------------------+ PKGBUILD | 118 ++++++++++++++++++++++++++--------------------------- nftables.conf | 54 ++++++++++++------------ nftables.install | 20 ++++---- nftables.service | 24 +++++----- 4 files changed, 108 insertions(+), 108 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2021-08-19 22:07:30 UTC (rev 422382)
+++ PKGBUILD 2021-08-19 22:07:36 UTC (rev 422383)
@@ -1,59 +0,0 @@
-# Maintainer: Sébastien "Seblu" Luttringer <se...@archlinux.org>
-
-pkgname=nftables
-epoch=1
-pkgver=0.9.9
-pkgrel=6
-pkgdesc='Netfilter tables userspace tools'
-arch=('x86_64')
-url='https://netfilter.org/projects/nftables/'
-license=('GPL2')
-depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses' 'jansson')
-optdepends=('python: Python bindings')
-makedepends=('asciidoc' 'python')
-backup=('etc/nftables.conf')
-validpgpkeys=('37D964ACC04981C75500FB9BD55D978A8A1420E4') # Netfilter Core Team
-source=("https://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
- 'nftables.conf'
- 'nftables.service')
-install=nftables.install
-sha256sums=('76ef2dc7fd0d79031a8369487739a217ca83996b3a746cec5bda79da11e3f1b4'
- 'SKIP'
- '2aff88019097d21dbfa4713f5b54c184751c86376e458b683f8d90f3abd232a8'
- 'deffeef36fe658867dd9203ec13dec85047a6d224ea63334dcf60db97e1809ea')
-
-prepare() {
- cd $pkgname-$pkgver
- # apply patch from the source array (should be a pacman feature)
- local filename
- for filename in "${source[@]}"; do
- if [[ "$filename" =~ \.patch$ ]]; then
- msg2 "Applying patch ${filename##*/}"
- patch -p1 -N -i "$srcdir/${filename##*/}"
- fi
- done
- :
-}
-
-build() {
- cd $pkgname-$pkgver
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --sysconfdir=/usr/share \
- --with-json \
- --disable-debug
- make
-}
-
-package() {
- pushd $pkgname-$pkgver
- make DESTDIR="$pkgdir" install
- popd
- # basic safe firewall config
- install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
- # systemd
- install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
-}
-
-# vim:set ts=2 sw=2 et:
Copied: nftables/repos/extra-x86_64/PKGBUILD (from rev 422382, nftables/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2021-08-19 22:07:36 UTC (rev 422383)
@@ -0,0 +1,59 @@
+# Maintainer: Sébastien "Seblu" Luttringer <se...@archlinux.org>
+
+pkgname=nftables
+epoch=1
+pkgver=1.0.0
+pkgrel=1
+pkgdesc='Netfilter tables userspace tools'
+arch=('x86_64')
+url='https://netfilter.org/projects/nftables/'
+license=('GPL2')
+depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses' 'jansson')
+optdepends=('python: Python bindings')
+makedepends=('asciidoc' 'python')
+backup=('etc/nftables.conf')
+validpgpkeys=('37D964ACC04981C75500FB9BD55D978A8A1420E4') # Netfilter Core Team
+source=("https://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
+ 'nftables.conf'
+ 'nftables.service')
+install=nftables.install
+sha256sums=('58bf547daf967a2b88ecb4f425f126006ebde22711db806b25c1d6cf84fe45f4'
+ 'SKIP'
+ '2aff88019097d21dbfa4713f5b54c184751c86376e458b683f8d90f3abd232a8'
+ 'deffeef36fe658867dd9203ec13dec85047a6d224ea63334dcf60db97e1809ea')
+
+prepare() {
+ cd $pkgname-$pkgver
+ # apply patch from the source array (should be a pacman feature)
+ local filename
+ for filename in "${source[@]}"; do
+ if [[ "$filename" =~ \.patch$ ]]; then
+ msg2 "Applying patch ${filename##*/}"
+ patch -p1 -N -i "$srcdir/${filename##*/}"
+ fi
+ done
+ :
+}
+
+build() {
+ cd $pkgname-$pkgver
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/usr/share \
+ --with-json \
+ --disable-debug
+ make
+}
+
+package() {
+ pushd $pkgname-$pkgver
+ make DESTDIR="$pkgdir" install
+ popd
+ # basic safe firewall config
+ install -Dm644 nftables.conf "$pkgdir/etc/nftables.conf"
+ # systemd
+ install -Dm644 nftables.service "$pkgdir/usr/lib/systemd/system/nftables.service"
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: nftables.conf
===================================================================
--- nftables.conf 2021-08-19 22:07:30 UTC (rev 422382)
+++ nftables.conf 2021-08-19 22:07:36 UTC (rev 422383)
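Review bot: `--sysconfdir=/usr/share` in build() of the copied PKGBUILD has no comment, and next to `backup=('etc/nftables.conf')` it reads like a mistake. It presumably sends upstream's sample rulesets to /usr/share/nftables (the packaged nftables.conf points readers there) while package() installs the real /etc/nftables.conf by hand; a comment such as `# upstream installs its example rulesets under sysconfdir; keep them out of /etc` would record that. Separately, `cd $pkgname-$pkgver` in prepare() and build() and `pushd $pkgname-$pkgver` in package() are unquoted; `cd "$pkgname-$pkgver"` is the safer habit even with these fixed values.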
@@ -1,27 +0,0 @@
-#!/usr/bin/nft -f
-# vim:set ts=2 sw=2 et:
-
-# IPv4/IPv6 Simple & Safe firewall ruleset.
-# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
-
-table inet filter
-delete table inet filter
-table inet filter {
- chain input {
- type filter hook input priority filter
- policy drop
-
- ct state invalid drop comment "early drop of invalid connections"
- ct state {established, related} accept comment "allow tracked connections"
- iifname lo accept comment "allow from loopback"
- ip protocol icmp accept comment "allow icmp"
- meta l4proto ipv6-icmp accept comment "allow icmp v6"
- tcp dport ssh accept comment "allow sshd"
- pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
- counter
- }
- chain forward {
- type filter hook forward priority filter
- policy drop
- }
-}
Copied: nftables/repos/extra-x86_64/nftables.conf (from rev 422382, nftables/trunk/nftables.conf)
===================================================================
--- nftables.conf (rev 0)
+++ nftables.conf 2021-08-19 22:07:36 UTC (rev 422383)
@@ -0,0 +1,27 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+# IPv4/IPv6 Simple & Safe firewall ruleset.
+# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
+
+table inet filter
+delete table inet filter
+table inet filter {
+ chain input {
+ type filter hook input priority filter
+ policy drop
+
+ ct state invalid drop comment "early drop of invalid connections"
+ ct state {established, related} accept comment "allow tracked connections"
+ iifname lo accept comment "allow from loopback"
+ ip protocol icmp accept comment "allow icmp"
+ meta l4proto ipv6-icmp accept comment "allow icmp v6"
+ tcp dport ssh accept comment "allow sshd"
+ pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
+ counter
+ }
+ chain forward {
+ type filter hook forward priority filter
+ policy drop
+ }
+}
Deleted: nftables.install
===================================================================
--- nftables.install 2021-08-19 22:07:30 UTC (rev 422382)
+++ nftables.install 2021-08-19 22:07:36 UTC (rev 422383)
@@ -1,10 +0,0 @@
-## arg 1: the new package version
-## arg 2: the old package version
-post_upgrade() {
- (( $(vercmp "$2" '1:0.9.9-1') > 0 )) || cat <<EOF
-==> Stopping/restarting the nftables service does NOT flush the ruleset anymore.
-==> The nftables.conf file requires a delete/flush directive to be restarted.
-==> See examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples.
-==> The nftables service reload has been removed as it is now equivalent to a restart.
-EOF
-}
Copied: nftables/repos/extra-x86_64/nftables.install (from rev 422382, nftables/trunk/nftables.install)
===================================================================
--- nftables.install (rev 0)
+++ nftables.install 2021-08-19 22:07:36 UTC (rev 422383)
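Review bot: The three opening statements of the copied nftables.conf (`table inet filter`, `delete table inet filter`, then the full definition) carry no comment, although they are what lets a re-run of the file replace the old table instead of adding the same rules again. A line such as `# declare the table so the delete cannot fail on first load, then drop and redefine it` would explain the idiom. In the input chain, `tcp dport ssh accept` admits SSH from any source, and both ICMP rules accept every type ahead of the rate-limited reject. For a default that describes itself as "Simple & Safe", a comment telling administrators to narrow or remove the sshd rule when it is not needed would help.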
@@ -0,0 +1,10 @@
+## arg 1: the new package version
+## arg 2: the old package version
+post_upgrade() {
+ (( $(vercmp "$2" '1:0.9.9-1') > 0 )) || cat <<EOF
+==> Stopping/restarting the nftables service does NOT flush the ruleset anymore.
+==> The nftables.conf file requires a delete/flush directive to be restarted.
+==> See examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples.
+==> The nftables service reload has been removed as it is now equivalent to a restart.
+EOF
+}
Deleted: nftables.service
===================================================================
--- nftables.service 2021-08-19 22:07:30 UTC (rev 422382)
+++ nftables.service 2021-08-19 22:07:36 UTC (rev 422383)
@@ -1,12 +0,0 @@
-[Unit]
-Description=Netfilter Tables
-Documentation=man:nft(8)
-Wants=network-pre.target
-Before=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/nft -f /etc/nftables.conf
-
-[Install]
-WantedBy=multi-user.target
Copied: nftables/repos/extra-x86_64/nftables.service (from rev 422382, nftables/trunk/nftables.service)
===================================================================
--- nftables.service (rev 0)
+++ nftables.service 2021-08-19 22:07:36 UTC (rev 422383)
@@ -0,0 +1,12 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/nft -f /etc/nftables.conf
+
+[Install]
+WantedBy=multi-user.target
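Review bot: In the copied nftables.service, nothing ties the network to a successful ruleset load. The unit has only `Wants=network-pre.target` and `Before=network-pre.target`, so if `nft -f /etc/nftables.conf` exits non-zero (a syntax error after an edit, for instance) the unit fails and, as far as this file shows, networking still starts without the ruleset. That fail-open behaviour deserves a comment in the unit, and operators should alert on the unit's failed state. With `Type=oneshot` and no `RemainAfterExit=yes`, the unit also goes back to inactive after a successful load, so `systemctl is-active` cannot tell "loaded" from "never started"; adding `RemainAfterExit=yes` under `[Service]` would separate the two.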