First release

AdrianBan · AdrianBan · commit d65b1181d991 · 2019-10-16T23:34:43.000+03:00
diff --git a/Makefile b/Makefile
@@ -0,0 +1,33 @@
+#!/usr/bin/make -f
+
+# This file is part of nftables-persistent
+# Copyright (C) 2019 Adrian Ban
+# 
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation, either version 3
+# of the License, or (at your option) any later version.
+
+PREFIX=/
+DEST=$(DESTDIR)$(PREFIX)
+
+all:
+
+clean:
+
+install:
+	install -d $(DEST)/usr/sbin
+	install -d $(DEST)/usr/share/nftables-persistent
+	install -d $(DEST)/usr/share/nftables-persistent/plugins.d
+	# Main wrapper
+	install nftables-persistent $(DEST)/usr/sbin
+	# Systemd
+	install -d $(DEST)/lib/systemd/system
+	install --mode=644 systemd/* $(DEST)/lib/systemd/system
+	# Manual
+	install -d $(DEST)/usr/share/man/man8
+	install --mode=644 nftables-persistent.8 $(DEST)/usr/share/man/man8
+
+install-plugins:
+	# Plugins
+	install plugins/* $(DEST)/usr/share/nftables-persistent/plugins.d
diff --git a/debian/README b/debian/README
@@ -0,0 +1,22 @@
+nftables-persistent and its plugins
+------------------------------------
+
+nftables-persistent is used to load and save filter rules.
+This tool cames with a nft plugin.
+
+Commands are run from nftables-persistent. For example, to save
+all filter rules:
+
+   nftables-persistent save
+
+or to load them:
+
+   nftables-persistent start
+
+For more details, see `man nftables-persistent`.
+
+The system service will try to load rules at startup if enabled, but by
+default it will not flush rules at shutdown. This behaviour can be changed
+by editing /etc/default/nftables-persistent.
+
+ -- Adrian Ban <devel@abtelecom.ro>  Tue, 16 Oct 2019 11:11:00 +0100
diff --git a/debian/README.source b/debian/README.source
@@ -0,0 +1,8 @@
+
+  nftables-persistent has become a native package (meaning there is no
+  upstream tarball). In its present form, nftables-persistent is unlikely
+  to be useful outside Debian or Debian-derivatives, and I do not plan to
+  include any support for other distributions, so a native package makes the
+  maintenance overhead considerably smaller.
+
+ -- Adrian Ban <devel@abtelecom.ro>  Tue, 16 Oct 2019 16:38:17 +0200
diff --git a/debian/changelog b/debian/changelog
@@ -0,0 +1,7 @@
+nftables-persistent (0.1.0) unstable; urgency=medium
+
+  * First release of nftables-persistent
+  * Based on netfilter-persistent
+
+ -- Adrian Ban <devel@abtelecom.ro>  Tue, 16 Oct 2019 16:12:28 +0200
+
diff --git a/debian/compat b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
@@ -0,0 +1,21 @@
+Source: nftables-persistent
+Section: admin
+Priority: optional
+Maintainer: Adrian Ban <devel@abtelecom.ro>
+Build-Depends: debhelper (>= 7.0.50~), dh-systemd, po-debconf
+Standards-Version: 3.9.6
+Vcs-Browser: https://github.com/AdrianBan/nftables-persistent
+Vcs-Git: https://github.com/AdrianBan/nftables-persistent
+
+Package: nftables-persistent
+Architecture: all
+Depends: lsb-base, ${misc:Depends}
+Breaks: iptables-persistent, netfilter-persistent, ipset-persistent
+Replaces: iptables-persistent, netfilter-persistent, ipset-persistent
+Pre-Depends: ${misc:Pre-Depends}
+Description: boot-time loader for nftables configuration
+ This package provides a loader for nftables configuration using a
+ plugin-based architecture. It can load, flush and save a running
+ configuration. Extending nftables-persistent with plugins is trivial and can
+ be done in any language.
+
diff --git a/debian/copyright b/debian/copyright
@@ -0,0 +1,22 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: nftables-persistent
+Upstream-Contact: Adrian Ban <devel@abtelecom.ro>
+
+Files: *
+Copyright: © 2018, Adrian Ban <devel@abtelecom.ro>
+License: GPL-3
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in `/usr/share/common-licenses/GPL-3'.
diff --git a/debian/gbp.conf b/debian/gbp.conf
@@ -0,0 +1,7 @@
+[DEFAULT]
+compression = bzip2
+debian-branch=debian
+
+[dch]
+meta = true
+id-length = 6
diff --git a/debian/nftables-persistent.config b/debian/nftables-persistent.config
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+# Source debconf library
+. /usr/share/debconf/confmodule
+
+db_get nft-persistent/autosave_done || true
+if [ "x$RET" != "xtrue" ]; then
+	# Save nft rules?
+	db_input high nft-persistent/autosave || true
+	db_go
+fi
diff --git a/debian/nftables-persistent.default b/debian/nftables-persistent.default
@@ -0,0 +1,5 @@
+# Configuration for netfilter-persistent
+# Plugins may extend this file or have their own
+
+FLUSH_ON_STOP=1
+
diff --git a/debian/nftables-persistent.dirs b/debian/nftables-persistent.dirs
@@ -0,0 +1,2 @@
+etc/nftables
+usr/share/nftables-persistent/plugins.d
diff --git a/debian/nftables-persistent.docs b/debian/nftables-persistent.docs
@@ -0,0 +1 @@
+debian/README
diff --git a/debian/nftables-persistent.init b/debian/nftables-persistent.init
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# This file is part of netfilter-persistent
+# Copyright (C) 2019 Adrian Ban
+# 
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation, either version 3
+# of the License, or (at your option) any later version.
+
+### BEGIN INIT INFO
+# Provides:          netfilter-persistent
+# Required-Start:    mountkernfs $remote_fs
+# Required-Stop:     $remote_fs
+# Default-Start:     S
+# Default-Stop:      0 1 6
+# Short-Description: Load boot-time netfilter configuration
+# Description:       Loads boot-time netfilter configuration
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+case "$1" in
+start|restart|reload|force-reload)
+    log_action_begin_msg "Loading nftables rules"
+    /usr/sbin/nftables-persistent start
+    log_action_end_msg $?
+	;;
+save)
+    log_action_begin_msg "Saving nftables rules"
+    /usr/sbin/nftables-persistent save
+    log_action_end_msg $?
+	;;
+stop)
+    log_action_begin_msg "Stopping nftables rules"
+    /usr/sbin/nftables-persistent stop
+    log_action_end_msg $?
+	;;
+flush)
+    log_action_begin_msg "Flushing nftables rules"
+    /usr/sbin/nftables-persistent flush
+    log_action_end_msg $?
+	;;
+*)
+    echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
+    exit 1
+    ;;
+esac
+
+exit $rc
diff --git a/debian/nftables-persistent.install b/debian/nftables-persistent.install
@@ -0,0 +1 @@
+plugins/15-nftables                  usr/share/nftables-persistent/plugins.d/
diff --git a/debian/nftables-persistent.maintscript b/debian/nftables-persistent.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/init.d/nftables-persistent 1~
diff --git a/debian/nftables-persistent.postinst b/debian/nftables-persistent.postinst
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+# Source debconf library
+. /usr/share/debconf/confmodule
+
+case "$1" in
+configure)
+    db_get nftables-persistent/autosave_done || true
+    if [ "x$RET" != "xtrue" ]; then
+        db_get nftables-persistent/autosave || true
+        if [ "x$RET" = "xtrue" ]; then
+	    if which nft > /dev/null ; then
+		if nft list ruleset > /dev/null; then
+		    nft list ruleset > /etc/nftables/rules
+		else
+                    echo "NFTables: Unable to save"
+		fi
+	    else
+                echo "NFTables: Can't find nftables in $PATH, please check your system"
+            fi
+        fi
+
+        db_set nftables-persistent/autosave_done true || true
+    fi
+
+    update-rc.d nftables-persistent remove
+;;
+esac
+
+#DEBHELPER#
diff --git a/debian/nftables-persistent.postrm b/debian/nftables-persistent.postrm
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+purge)
+	rm -rf /etc/nftables/rules
+;;
+esac
+
+#DEBHELPER#
diff --git a/debian/nftables-persistent.templates b/debian/nftables-persistent.templates
@@ -0,0 +1,21 @@
+# These templates have been reviewed by the debian-l10n-english
+# team
+#
+# If modifications/additions/rewording are needed, please ask
+# debian-l10n-english@lists.debian.org for advice.
+#
+# Even minor modifications require translation updates and such
+# changes should be coordinated with translators and reviewers.
+
+Template: nftables-persistent/autosave
+Type: boolean
+Default: true
+_Description: Save current NFTables rules?
+ Current nftables rules can be saved to the configuration
+ file /etc/nftables/rules. These rules will then be loaded automatically
+ during system startup.
+ .
+ Rules are only saved automatically during package installation. See the
+ manual page of nft(8) for instructions on keeping the rules file
+ up-to-date.
+
diff --git a/debian/nftables.override b/debian/nftables.override
@@ -0,0 +1,2 @@
+[Unit]
+Conflicts=iptables.service ip6tables.service ipset.service netfilter-persistent.service
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] iptables-persistent.templates
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
@@ -0,0 +1,42 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2019-10-16 16:59+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../nftables-persistent.templates:2001
+msgid "Save current NFTables rules?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../nftables-persistent.templates:2001
+msgid ""
+"Current nftables rules can be saved to the configuration file /etc/nftables/"
+"rules. These rules will then be loaded automatically during system "
+"startup."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../nftables-persistent.templates:2001
+msgid ""
+"Rules are only saved automatically during package installation. See the "
+"manual page of nft(8) for instructions on keeping the rules file "
+"up-to-date."
+msgstr ""
+
diff --git a/debian/rules b/debian/rules
@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+override_dh_installinit:
+	dh_installinit -- start 37 S . stop 37 0 1 6 .
+
+%:
+	dh $@ --with systemd
diff --git a/debian/source/format b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/nftables-persistent b/nftables-persistent
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# This file is part of nftables-persistent based on iptables-persistent
+# Copyright (C) 2019 Adrian Ban
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation, either version 3
+# of the License, or (at your option) any later version.
+
+set -e
+
+IAM=$(whoami)
+PLUGINS=/usr/share/nftables-persistent/plugins.d
+
+if [ ${IAM} != "root" ]; then
+    echo "You must be root to use this utility"
+fi
+
+# Source configuration
+if [ -f "/etc/default/nftables-persistent" ]; then
+    . /etc/default/nftables-persistent
+fi
+
+run_plugins () {
+    if [ -d ${PLUGINS} ]; then
+        run-parts -v -a ${1} ${PLUGINS}
+    fi
+}
+
+case $1 in
+start|save|flush)
+    run_plugins ${1}
+    ;;
+reload|restart)
+    run_plugins flush
+    run_plugins start
+    ;;
+stop)
+    if [ ${FLUSH_ON_STOP} -gt 0 ]; then
+        run_plugins flush
+    else
+        echo "Automatic flush disabled; use '${0} flush'"
+    fi
+    ;;
+*)
+    echo "Usage: ${0} (start|stop|restart|reload|flush|save)"
+    ;;
+esac
+
+
+exit 0
+
diff --git a/nftables-persistent.8 b/nftables-persistent.8
diff --git a/plugins/15-nftables b/plugins/15-nftables
diff --git a/systemd/nftables-persistent.service b/systemd/nftables-persistent.service
