package created using the webbuild interface [release 1.0.8-1mamba;Sat Aug 12 2023]

2024-01-06 07:38:07 +01:00 · 2024-01-06 07:38:07 +01:00 · 123f14fb30
commit 123f14fb30
parent c84a40a670
4 changed files with 175 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,4 @@
 # nftables

+nftables replaces the popular {ip,ip6,arp,eb}tables. This software provides a new in-kernel packet classification framework that is based on a network-specific Virtual Machine (VM) and a new nft userspace command line tool. nftables reuses the existing Netfilter subsystems such as the existing hook infrastructure, the connection tracking system, NAT, userspace queueing and logging subsystem.
+
--- a/nftables.conf
+++ b/nftables.conf
@ -0,0 +1,27 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+# IPv4/IPv6 Simple & Safe firewall ruleset.
+# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
+
+table inet filter
+delete table inet filter
+table inet filter {
+  chain input {
+    type filter hook input priority filter
+    policy drop
+
+    ct state invalid drop comment "early drop of invalid connections"
+    ct state {established, related} accept comment "allow tracked connections"
+    iifname lo accept comment "allow from loopback"
+    ip protocol icmp accept comment "allow icmp"
+    meta l4proto ipv6-icmp accept comment "allow icmp v6"
+    tcp dport ssh accept comment "allow sshd"
+    pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
+    counter
+  }
+  chain forward {
+    type filter hook forward priority filter
+    policy drop
+  }
+}
--- a/nftables.service
+++ b/nftables.service
@ -0,0 +1,12 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/nft -f /etc/nftables/nftables.conf
+
+[Install]
+WantedBy=multi-user.target
--- a/nftables.spec
+++ b/nftables.spec
@ -0,0 +1,134 @@
+Name:          nftables
+Version:       1.0.8
+Release:       1mamba
+Summary:       Netfilter tables userspace tools
+Group:         Network/Security
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           https://netfilter.org/projects/nftables/index.html
+Source:        https://netfilter.org/projects/nftables/files/nftables-%{version}.tar.xz
+Source1:       nftables.conf
+Source2:       nftables.service
+License:       GPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libgmp-devel
+BuildRequires: libjansson-devel
+BuildRequires: libmnl-devel
+BuildRequires: libnftnl-devel
+BuildRequires: libpython310-devel
+BuildRequires: libreadline-devel
+## AUTOBUILDREQ-END
+Requires:      lib%{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description
+nftables replaces the popular {ip,ip6,arp,eb}tables. This software provides a new in-kernel packet classification framework that is based on a network-specific Virtual Machine (VM) and a new nft userspace command line tool. nftables reuses the existing Netfilter subsystems such as the existing hook infrastructure, the connection tracking system, NAT, userspace queueing and logging subsystem.
+
+%package -n lib%{name}
+Group:         System/Libraries
+Summary:       Shared libraries for %{name}
+Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n lib%{name}
+This package contains shared libraries for %{name}.
+
+%package -n lib%{name}-devel
+Group:         Development/Libraries
+Summary:       Development files for %{name}
+Requires:      lib%{name} = %{?epoch:%epoch:}%{version}-%{release}
+Requires:      pkg-config
+
+%description -n lib%{name}-devel
+This package contains libraries and header files for developing applications that use %{name}.
+
+%package -n python-nftables-py310
+Group:         System/Libraries/Python
+Summary:       Python bindings to %{name}
+Requires:      %{name} = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n python-nftables-py310
+This package contains the Python bindings to %{name}.
+
+%debug_package
+
+%prep
+%setup -q
+
+%build
+%configure \
+    --with-json \
+    --with-cli=readline \
+    --disable-python
+
+%make
+
+# From Arch: Building the Python module separately due to the automatic build resulting
+# in an incorrect directory structure and unimportable module (see FS#79229)
+cd py
+%{__python310} -m build --wheel --no-isolation
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+%makeinstall
+
+%{__python310} -m installer --destdir=%{buildroot} py/dist/*.whl
+
+install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/nftables/nftables.conf
+install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/nftables.service
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post -n lib%{name} -p /sbin/ldconfig
+%postun -n lib%{name} -p /sbin/ldconfig
+
+%post
+%systemd_post nftables
+:
+
+%preun
+%systemd_preun nftables
+:
+
+%postun
+%systemd_postun_with_restart nftables
+:
+
+%files
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/nftables/nftables.conf
+%{_sysconfdir}/nftables/osf/pf.os
+%{_sbindir}/nft
+%{_unitdir}/nftables.service
+%dir %{_docdir}/nftables
+%dir %{_docdir}/nftables/examples
+%{_docdir}/nftables/examples/*
+%{_mandir}/man5/libnftables-json.5*
+%{_mandir}/man8/nft.8*
+%dir %{_datadir}/nftables
+%{_datadir}/nftables/*.nft
+
+%files -n lib%{name}
+%defattr(-,root,root)
+%{_libdir}/libnftables.so.*
+%doc COPYING
+
+%files -n lib%{name}-devel
+%defattr(-,root,root)
+%dir %{_includedir}/nftables
+%{_includedir}/nftables/libnftables.h
+%{_libdir}/libnftables.so
+%{_libdir}/pkgconfig/libnftables.pc
+%{_mandir}/man3/libnftables.3*
+
+%files -n python-nftables-py310
+%defattr(-,root,root)
+%dir %{python310_sitelib}/nftables-*.dist-info
+%{python310_sitelib}/nftables-*.dist-info/*
+%dir %{python310_sitelib}/nftables
+%{python310_sitelib}/nftables/*
+
+%changelog
+* Sat Aug 12 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.8-1mamba
+- package created using the webbuild interface