package created using the webbuild interface [release 1.0.8-1mamba;Sat Aug 12 2023]

Silvan Calarco 2024-01-06 07:38:07 +01:00
parent c84a40a670
commit 123f14fb30
4 changed files with 175 additions and 0 deletions


@ -1,2 +1,4 @@
# nftables # nftables
nftables replaces the popular {ip,ip6,arp,eb}tables. This software provides a new in-kernel packet classification framework that is based on a network-specific Virtual Machine (VM) and a new nft userspace command line tool. nftables reuses the existing Netfilter subsystems such as the existing hook infrastructure, the connection tracking system, NAT, userspace queueing and logging subsystem.

27
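--- /dev/null
+++ b/nftables.conf
@@ -0,0 +1,27 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+# IPv4/IPv6 Simple & Safe firewall ruleset.
+# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
+table inet filter
+delete table inet filter
+table inet filter {
+chain input {
+type filter hook input priority filter
+policy drop
+ct state invalid drop comment "early drop of invalid connections"
+ct state {established, related} accept comment "allow tracked connections"
+iifname lo accept comment "allow from loopback"
+ip protocol icmp accept comment "allow icmp"
+meta l4proto ipv6-icmp accept comment "allow icmp v6"
+tcp dport ssh accept comment "allow sshd"
+pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
+counter
+}
+chain forward {
+type filter hook forward priority filter
+policy drop
+}
+}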
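Review bot: `ip protocol icmp accept` in the input chain admits every ICMPv4 type from any source with no rate limit, although ICMP errors belonging to tracked flows are already accepted by the `ct state {established, related}` rule above it. Narrowing the rule to what the host needs, for example `icmp type echo-request limit rate 5/second accept comment "allow ping, rate limited"`, keeps ping working while the drop policy handles unsolicited types; the ICMPv6 rule needs more care because neighbour discovery has to keep working. `tcp dport ssh accept` likewise opens SSH to every source in a file that the spec installs as the default `/etc/nftables/nftables.conf`, so a comment telling administrators to add a source match for their management network would help.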

12
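--- /dev/null
+++ b/nftables.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/nft -f /etc/nftables/nftables.conf
+[Install]
+WantedBy=multi-user.target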
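Review bot: The `[Service]` section uses `Type=oneshot` without `RemainAfterExit=yes`, so the unit returns to inactive as soon as `nft` exits and `systemctl is-active nftables` cannot tell an operator or a monitoring check whether the ruleset was loaded. There is also no `ExecReload=`, so an edited ruleset can only be applied by starting the unit again. I would add `RemainAfterExit=yes` and `ExecReload=/usr/sbin/nft -f /etc/nftables/nftables.conf`. Because a parse error in the config at boot leaves the host with no filter table at all (fail-open), a comment in the unit recommending `nft -c -f /etc/nftables/nftables.conf` before a restart would also be worth adding.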

134
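--- /dev/null
+++ b/nftables.spec
@@ -0,0 +1,134 @@
+Name: nftables
+Version: 1.0.8
+Release: 1mamba
+Summary: Netfilter tables userspace tools
+Group: Network/Security
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
+URL: https://netfilter.org/projects/nftables/index.html
+Source: https://netfilter.org/projects/nftables/files/nftables-%{version}.tar.xz
+Source1: nftables.conf
+Source2: nftables.service
+License: GPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libgmp-devel
+BuildRequires: libjansson-devel
+BuildRequires: libmnl-devel
+BuildRequires: libnftnl-devel
+BuildRequires: libpython310-devel
+BuildRequires: libreadline-devel
+## AUTOBUILDREQ-END
+Requires: lib%{name} = %{?epoch:%epoch:}%{version}-%{release}
+%description
+nftables replaces the popular {ip,ip6,arp,eb}tables. This software provides a new in-kernel packet classification framework that is based on a network-specific Virtual Machine (VM) and a new nft userspace command line tool. nftables reuses the existing Netfilter subsystems such as the existing hook infrastructure, the connection tracking system, NAT, userspace queueing and logging subsystem.
+%package -n lib%{name}
+Group: System/Libraries
+Summary: Shared libraries for %{name}
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+%description -n lib%{name}
+This package contains shared libraries for %{name}.
+%package -n lib%{name}-devel
+Group: Development/Libraries
+Summary: Development files for %{name}
+Requires: lib%{name} = %{?epoch:%epoch:}%{version}-%{release}
+Requires: pkg-config
+%description -n lib%{name}-devel
+This package contains libraries and header files for developing applications that use %{name}.
+%package -n python-nftables-py310
+Group: System/Libraries/Python
+Summary: Python bindings to %{name}
+Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
+%description -n python-nftables-py310
+This package contains the Python bindings to %{name}.
+%debug_package
+%prep
+%setup -q
+%build
+%configure \
+--with-json \
+--with-cli=readline \
+--disable-python
+%make
+# From Arch: Building the Python module separately due to the automatic build resulting
+# in an incorrect directory structure and unimportable module (see FS#79229)
+cd py
+%{__python310} -m build --wheel --no-isolation
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+%makeinstall
+%{__python310} -m installer --destdir=%{buildroot} py/dist/*.whl
+install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/nftables/nftables.conf
+install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/nftables.service
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+%post -n lib%{name} -p /sbin/ldconfig
+%postun -n lib%{name} -p /sbin/ldconfig
+%post
+%systemd_post nftables
+:
+%preun
+%systemd_preun nftables
+:
+%postun
+%systemd_postun_with_restart nftables
+:
+%files
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/nftables/nftables.conf
+%{_sysconfdir}/nftables/osf/pf.os
+%{_sbindir}/nft
+%{_unitdir}/nftables.service
+%dir %{_docdir}/nftables
+%dir %{_docdir}/nftables/examples
+%{_docdir}/nftables/examples/*
+%{_mandir}/man5/libnftables-json.5*
+%{_mandir}/man8/nft.8*
+%dir %{_datadir}/nftables
+%{_datadir}/nftables/*.nft
+%files -n lib%{name}
+%defattr(-,root,root)
+%{_libdir}/libnftables.so.*
+%doc COPYING
+%files -n lib%{name}-devel
+%defattr(-,root,root)
+%dir %{_includedir}/nftables
+%{_includedir}/nftables/libnftables.h
+%{_libdir}/libnftables.so
+%{_libdir}/pkgconfig/libnftables.pc
+%{_mandir}/man3/libnftables.3*
+%files -n python-nftables-py310
+%defattr(-,root,root)
+%dir %{python310_sitelib}/nftables-*.dist-info
+%{python310_sitelib}/nftables-*.dist-info/*
+%dir %{python310_sitelib}/nftables
+%{python310_sitelib}/nftables/*
+%changelog
+* Sat Aug 12 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.8-1mamba
+- package created using the webbuild interface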
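Review bot: `Source:` fetches the release tarball from netfilter.org and `%prep` unpacks it with `%setup -q` without checking a signature or a pinned checksum, so the package that enforces the host firewall is built from an unauthenticated download. Upstream publishes detached signatures alongside its releases; adding the `.sig` file and the release key as further `Source` entries and verifying them in `%prep` before `%setup` would close that gap. Separately, `lib%{name}` carries `Requires: %{name}` while `%{name}` itself requires `lib%{name}`, which makes the two packages mutually dependent, and `%{__python310} -m build --wheel --no-isolation` relies on Python build modules that the `BuildRequires` list does not name.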