[nft] src: install table skeleton files to sysconfdir/nftables

Message ID 20180312113604.31602-1-fw@strlen.de
State Changes Requested
Delegated to: Pablo Neira
Headers show
Series
  • [nft] src: install table skeleton files to sysconfdir/nftables
Related show

Commit Message

Florian Westphal March 12, 2018, 11:36 a.m.
commit 6c9230e79339ca ("nftables: rearrange files and examples")
removed the install hook for the old 'iptables table skeleton rulesets'.

This restores the install hook for some of these.

Reported-by: Duncan Roe <duncan_roe@optusnet.com.au>
Cc: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 Makefile.am                |  1 +
 configure.ac               |  2 ++
 files/Makefile.am          |  1 +
 files/examples/Makefile.am | 18 ++++++++++++++++++
 4 files changed, 22 insertions(+)
 create mode 100644 files/Makefile.am
 create mode 100644 files/examples/Makefile.am

Comments

Arturo Borrero Gonzalez March 12, 2018, 12:02 p.m. | #1
On 12 March 2018 at 12:36, Florian Westphal <fw@strlen.de> wrote:
> +
> +install-data-hook:
> +       ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*
> --

The shebang in those files is static now (#!/usr/sbin/nft -f)

Perhaps we should differentiate between files we use for development
and example files for the tarball (downstream users)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Florian Westphal March 12, 2018, 12:09 p.m. | #2
Arturo Borrero Gonzalez <arturo@netfilter.org> wrote:
> On 12 March 2018 at 12:36, Florian Westphal <fw@strlen.de> wrote:
> > +
> > +install-data-hook:
> > +       ${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*
> > --
> 
> The shebang in those files is static now (#!/usr/sbin/nft -f)

Indeed.  I would change this back to the replace-variant.

> Perhaps we should differentiate between files we use for development
> and example files for the tarball (downstream users)

Right, the example files could provide real examples, the files
in /etc are just the 'iptables tables' in nft (i.e. only
base chain hooks, no rules).
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/Makefile.am b/Makefile.am
index 5ef61be6dfec..f33da9dbd181 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,6 +2,7 @@  ACLOCAL_AMFLAGS	= -I m4
 
 SUBDIRS = 	src	\
 		include	\
+		files	\
 		doc
 
 EXTRA_DIST =	tests	\
diff --git a/configure.ac b/configure.ac
index 6c6b9b3a4c4b..fb2175a55656 100644
--- a/configure.ac
+++ b/configure.ac
@@ -119,6 +119,8 @@  AC_CONFIG_FILES([					\
 		include/linux/netfilter_ipv4/Makefile	\
 		include/linux/netfilter_ipv6/Makefile	\
 		doc/Makefile				\
+		files/Makefile				\
+		files/examples/Makefile			\
 		])
 AC_OUTPUT
 
diff --git a/files/Makefile.am b/files/Makefile.am
new file mode 100644
index 000000000000..aee2d7baa2ad
--- /dev/null
+++ b/files/Makefile.am
@@ -0,0 +1 @@ 
+SUBDIRS = examples
diff --git a/files/examples/Makefile.am b/files/examples/Makefile.am
new file mode 100644
index 000000000000..21e8be1bd388
--- /dev/null
+++ b/files/examples/Makefile.am
@@ -0,0 +1,18 @@ 
+
+pkgsysconfdir = ${sysconfdir}/nftables
+dist_pkgsysconf_DATA =	arp-filter.nft		\
+			bridge-filter.nft	\
+			inet-filter.nft		\
+			ipv4-filter.nft		\
+			ipv4-mangle.nft		\
+			ipv4-nat.nft		\
+			ipv4-raw.nft		\
+			ipv6-filter.nft		\
+			ipv6-mangle.nft		\
+			ipv6-nat.nft		\
+			ipv6-raw.nft		\
+			netdev-ingress.nft
+
+
+install-data-hook:
+	${SED} -i 's|@sbindir[@]|${sbindir}/|g' ${DESTDIR}${pkgsysconfdir}/*