|
|
@@ -0,0 +1,76 @@
|
|
|
+#!/bin/sh
|
|
|
+
|
|
|
+DAEMON="nftables"
|
|
|
+
|
|
|
+# Main ruleset file, override in /etc/default/nftables if you want a
|
|
|
+# different location. The file should include a "flush ruleset"
|
|
|
+# command to atomically replace any previous rules on reload (instead
|
|
|
+# of adding to them).
|
|
|
+NFTABLES_CONFIG="/etc/nftables.conf"
|
|
|
+
|
|
|
+# shellcheck source=/dev/null
|
|
|
+[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
|
|
|
+
|
|
|
+# Run only if the ruleset file exists.
|
|
|
+if [ ! -f "${NFTABLES_CONFIG}" ]; then
|
|
|
+ echo "${NFTABLES_CONFIG} does not exist, nothing to do."
|
|
|
+ exit 0
|
|
|
+fi
|
|
|
+
|
|
|
+start() {
|
|
|
+ printf "Loading nftables rules: "
|
|
|
+ /usr/sbin/nft --file "${NFTABLES_CONFIG}"
|
|
|
+ status=$?
|
|
|
+ if [ "$status" -eq 0 ]; then
|
|
|
+ echo "OK"
|
|
|
+ else
|
|
|
+ echo "FAIL"
|
|
|
+ fi
|
|
|
+ return "$status"
|
|
|
+}
|
|
|
+
|
|
|
+stop() {
|
|
|
+ printf "Clearing nftables rules: "
|
|
|
+ /usr/sbin/nft flush ruleset
|
|
|
+ status=$?
|
|
|
+ if [ "$status" -eq 0 ]; then
|
|
|
+ echo "OK"
|
|
|
+ else
|
|
|
+ echo "FAIL"
|
|
|
+ fi
|
|
|
+ return "$status"
|
|
|
+}
|
|
|
+
|
|
|
+restart() {
|
|
|
+ stop
|
|
|
+ start
|
|
|
+}
|
|
|
+
|
|
|
+reload() {
|
|
|
+ FLUSH='flush ruleset'
|
|
|
+ if ! grep -q -x "$FLUSH" "${NFTABLES_CONFIG}"; then
|
|
|
+ printf 'WARNING: no "%s" in %s, duplicated rules likely\n' \
|
|
|
+ "$FLUSH" "${NFTABLES_CONFIG}"
|
|
|
+ fi
|
|
|
+ start
|
|
|
+}
|
|
|
+
|
|
|
+case "$1" in
|
|
|
+ start)
|
|
|
+ start
|
|
|
+ ;;
|
|
|
+ stop)
|
|
|
+ stop
|
|
|
+ ;;
|
|
|
+ restart)
|
|
|
+ restart
|
|
|
+ ;;
|
|
|
+ reload)
|
|
|
+ reload
|
|
|
+ ;;
|
|
|
+ *)
|
|
|
+ echo "Usage: $0 {start|stop|restart|reload}"
|
|
|
+ exit 1
|
|
|
+esac
|
|
|
+
|
|
|
+exit $?
|
Fiona Klute (WIWA)