source-git / nftables

Clone
Source Code
GIT

Files

  1.   1227cde042e6591910a945b5d8b21a1576a371f7
  2.   tests
  3.   shell
  4.   testcases
  5.   chains
  6.   0021prio_0
Blob Blame History Raw 
#!/bin/bash

set -e

format_offset () {
	local i=$1
	if ((i == 0))
	then
		echo ""
	elif ((i > 0))
	then
		echo "+$i"
	else
		echo "$i"
	fi
}

chainname () {
	local hook=$1
	local prioname=$2
	local priooffset=$3

	echo "${hook}${prioname}${priooffset}" | tr "\-+" "mp"
}

gen_chains () {
	local family=$1
	local hook=$2
	local prioname=$3
	local device=${4:+device $4}

	for i in -11 -10 0 10 11
	do
		local offset=`format_offset $i`
		local cmd="add chain $family x"
		cmd+=" `chainname $hook $prioname $offset` {"
		cmd+=" type filter hook $hook $device"
		cmd+=" priority $prioname $offset; }"
		echo "$cmd"
	done
}

tmpfile=$(mktemp)
trap "rm $tmpfile" EXIT

(

for family in ip ip6 inet
do
	echo "add table $family x"
	for hook in prerouting input forward output postrouting
	do
		for prioname in raw mangle filter security
		do
			gen_chains $family $hook $prioname
		done
	done
	gen_chains $family prerouting dstnat
	gen_chains $family postrouting srcnat
done

family=arp
echo "add table $family x"
for hook in input output
do
	gen_chains $family $hook filter
done

family=netdev
echo "add table $family x"
gen_chains $family ingress filter lo

family=bridge
echo "add table $family x"
for hook in prerouting input forward output postrouting
do
	gen_chains $family $hook filter
done
gen_chains $family prerouting dstnat
gen_chains $family output out
gen_chains $family postrouting srcnat

) >$tmpfile
$NFT -f $tmpfile

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation