| author | Eugen Wissner <belka@caraus.de> | 2025-06-28 13:59:15 +0200 |
|---|---|---|
| committer | Eugen Wissner <belka@caraus.de> | 2025-06-28 13:59:15 +0200 |
| commit | be3fcc60753515b1100c4dc2dfb355a16a49db87 (patch) | |
| tree | 4ce6ee0fe8ae3f7fbd4b2245c45175e821333a1b /rc.firewall/firewall | |
| parent | 544d98d88420e204b9e319c550ed417b42bc8a60 (diff) | |
| download | s6-be3fcc60753515b1100c4dc2dfb355a16a49db87.tar.gz | |
Add nftables firewall
Diffstat (limited to 'rc.firewall/firewall')
| -rw-r--r-- | rc.firewall/firewall/dependencies | 4 | ||||
| -rw-r--r-- | rc.firewall/firewall/down | 9 | ||||
| -rw-r--r-- | rc.firewall/firewall/type | 1 | ||||
| -rw-r--r-- | rc.firewall/firewall/up | 11 |
4 files changed, 25 insertions, 0 deletions
diff --git a/rc.firewall/firewall/dependencies b/rc.firewall/firewall/dependencies
new file mode 100644
index 0000000..1c288cb
--- /dev/null
+++ b/rc.firewall/firewall/dependencies
@@ -0,0 +1,4 @@
+network
+# In some cases this service might need to be started after the service
+# below dealing with IP packet forwarding
+#ip_forward
diff --git a/rc.firewall/firewall/down b/rc.firewall/firewall/down
new file mode 100644
index 0000000..28f0d83
--- /dev/null
+++ b/rc.firewall/firewall/down
@@ -0,0 +1,9 @@
+######################################################
+# Run the rc.firewall_shutdown script (if it exists) #
+######################################################
+
+if -t { [ -x /etc/rc.d/rc.firewall_shutdown ] }
+# Prepend every output with the service's name
+pipeline -w { sed -u "s/^/firewall: /" }
+fdmove -c 2 1
+nft flush ruleset
diff --git a/rc.firewall/firewall/type b/rc.firewall/firewall/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/rc.firewall/firewall/type
@@ -0,0 +1 @@
+oneshot
diff --git a/rc.firewall/firewall/up b/rc.firewall/firewall/up
new file mode 100644
index 0000000..2d62e8d
--- /dev/null
+++ b/rc.firewall/firewall/up
@@ -0,0 +1,11 @@
+####################################################################
+# Run the rc.firewall script #
+# #
+# See the HOWTOs on http://www.netfilter.org/ for documentation on #
+# setting up a firewall or NAT on Linux #
+####################################################################
+
+# Prepend every output with the service's name
+pipeline -w { sed -u "s/^/firewall: /" }
+fdmove -c 2 1
+nft -f /etc/nftables/conf.nft |
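Review bot: Listing `network` as a dependency orders the ruleset load after the interfaces are brought up, so there is a window at boot in which the host can be reachable with no filtering in place. nftables can load a ruleset before the interfaces exist as long as the rules match by name (`iifname`/`oifname`) rather than by index (`iif`/`oif`), so the safer ordering would be to make `network` depend on `firewall`. If the current order is required, a comment should say why, for example `# Loaded after network: the ruleset uses iif/oif and needs existing interfaces`. What the `network` service does is not visible in this commit, so the size of that window is an assumption.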
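Review bot: In `down`, the `if -t { [ -x /etc/rc.d/rc.firewall_shutdown ] }` guard decides whether `nft flush ruleset` runs, yet that script is never executed; with `-t` the service exits 0 when the file is absent, so stopping the firewall reports success while the rules stay loaded. Either drop the guard and change the header to `# Flush the nftables ruleset`, or actually invoke the script it tests for. `nft flush ruleset` also removes every table, including any installed by other tools, and leaves the host accepting all traffic while `network` is still up; if that is not intended, deleting only the tables this service owns would be narrower. The same stale header wording appears in the `up` file ("Run the rc.firewall script"), which now loads an nftables file instead.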
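Review bot: In `up`, `nft -f /etc/nftables/conf.nft` only replaces the previously loaded rules if the file itself begins with `flush ruleset`; otherwise running `up` again without an effective `down` appends duplicate rules to the existing chains. A comment stating the requirement would help, for example `# conf.nft must begin with "flush ruleset" so the load is atomic and repeatable`. Because the file is loaded as root, it should also be owned by root and not writable by other users; the commit does not show how it is installed.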
