Sync from SUSE:SLFO:Main nftables revision 1b451e0a95ff95804a3c101bcf911a3a

This commit is contained in:
Adrian Schröter 2024-05-03 17:01:56 +02:00
commit 5f01a038a1
7 changed files with 619 additions and 0 deletions

23
.gitattributes vendored Normal file

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text


@ -0,0 +1,24 @@
From 2125091e724c399d653790af854d9daba0218b99 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 17 Jul 2023 12:13:05 +0200
Subject: [PATCH] Revert "py: replace distutils with setuptools"
This reverts commit 1acc2fd48c755a8931fa87b8d0560b750316059f.
---
py/setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/py/setup.py b/py/setup.py
index 8ad73e7b..72fc8fd9 100755
--- a/py/setup.py
+++ b/py/setup.py
@@ -1,5 +1,5 @@
#!/usr/bin/env python
-from setuptools import setup
+from distutils.core import setup
from nftables import NFTABLES_VERSION
setup(name='nftables',
--
2.41.0
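Review bot: The revert at `+from distutils.core import setup` carries no rationale beyond "This reverts commit 1acc2fd48c755a8931fa87b8d0560b750316059f.", and distutils is deprecated (PEP 632) and no longer part of the standard library from Python 3.12, so this import will fail once the build's python3 reaches that version. Add a sentence to the patch description saying why setuptools is being avoided (the spec pulls in only python3-base), and state the condition under which the patch must be dropped.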

BIN
nftables-1.0.8.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
nftables-1.0.8.tar.xz.sig Normal file

Binary file not shown.

376
nftables.changes Normal file

@ -0,0 +1,376 @@
-------------------------------------------------------------------
Fri Jul 14 11:56:43 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.0.8
* Support for setting meta and ct mark from other fields in
rules, e.g. set meta mark to ip dscp header field.
* Enhacements for -o/--optimize to deal with NAT statements, to
compact masquerade statements.
* Support for stateful statements in anonymous maps, such as
counters.
* Support for resetting stateful expressions in sets, maps and
elements, e.g. counters.
* broute support to short-circuit bridge logic from the bridge
prerouting hook and pass up packets to the local IP stack.
* JSON support for table and chain comments.
- Added 0001-Revert-py-replace-distutils-with-setuptools.patch
-------------------------------------------------------------------
Mon Mar 13 20:47:53 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.0.7
* Support for vxlan/geneve/gre/gretap matching
* auto-merge support for partial set element deletion
* Allow for NAT mapping with concatenation and ranges
* Support for quota in sets
-------------------------------------------------------------------
Wed Dec 21 23:47:26 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.0.6
* Fix bytecode generation for concatenation of intervals where
selectors use different byteorder datatypes, e.g. IPv4
(network byte order).
* Fix match of uncommon protocol matches with raw expressions
* Unbreak insertion of rules with intervals ("sport {
3478-3497, 16384-16387 }")
-------------------------------------------------------------------
Wed Aug 17 19:21:15 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.0.5:
* Fixes for the -o/--optimize, run this --optimize option to automagically
compact your ruleset using sets, maps and concatenations
* Fix ethernet and vlan concatenations, eg. define a dynamic set which
is populated from the packet path
* Fix ruleset listing with interface wildcard map
* Fix several regressions in the input lexer which broke valid rulesets.
* Fix slowdown with large lists of singleton interval elements.
* Fix set automerge feature for large lists of singleton interval elements.
* Fix bogus error reporting for exact overlaps.
* Fix segfault when adding elements to invalid set.
* fix device parsing in netdev family in json.
-------------------------------------------------------------------
Tue Jun 7 14:55:21 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.0.4
* Fixed a segfault in -o/--optimize with unsupported statements.
* Bogus datatype mismatch error report in sets was fixed.
-------------------------------------------------------------------
Tue May 31 13:34:12 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.0.3
* Support for wildcard interface name matching with sets
* Support for runtime auto-merge of set elements.
* Enhancements for the ruleset optimization -o/--optimize
option which allows to coalesce several NAT rules into map.
* Support for raw expressions in concatenations.
* Support for integer type protocol header fields in concatenations.
* Allow to reset TCP options (requires Linux kernel >= 5.18)
- Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
-------------------------------------------------------------------
Tue Feb 22 04:39:01 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.0.2
* New ruleset optimization -o/--optimize option.
* Support for IP and TCP options and SCTP chunks in sets.
* Support for tcp fastopen, md5sig and mptcp options.
* MP-TCP subtype matching support.
* JSON support for flowtables.
- Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
-------------------------------------------------------------------
Thu Nov 18 22:15:03 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.0.1
* Reduce memory footprint when loading large sets/maps.
* Speed up reload of large sets/maps.
* Speed up listing of specific tables in large ruleset, e.g.
large ruleset with ~100k lines.
* Speed up --terse option when listing a ruleset large sets/maps.
* Print raw payload expression in hexadecimal, e.g.
"@ll,0,8 & 0x80 == 0x80"
* egress hook support (available since 5.16-rc1).
* Allow matching and update bytes at inner header/payload
offset (available since 5.16-rc1).
-------------------------------------------------------------------
Thu Aug 19 18:06:29 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.0.0
* Catch-all set element support.
* The command-line option --define is now recognized.
* Stateful expressions in maps.
* Allow combination of jhash, symhash and numgen expressions with
the queue statement.
* Allow combination of verdict maps with interval concatenations.
-------------------------------------------------------------------
Tue May 25 23:20:59 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 0.9.9
* Flowtable hardware offload support
* Support for the table owner flag.
* 802.1ad (QinQ) support
* cgroupsv2 support.
* match on SCTP packet chunks (dependent on Linux 5.14)
* Allow to use verdict in set/map typeof definitions
-------------------------------------------------------------------
Fri Jan 15 22:28:26 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 0.9.8
* Complete support for matching ICMP header content fields.
* Added raw tcp option match support.
* Added ability to check for the presence of any tcp option.
* Support for rejecting traffic from the ingress chain.
-------------------------------------------------------------------
Tue Oct 27 12:08:37 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 0.9.7
* Support for implicit chains
* Support for ingress inet chains
* Support for reject from prerouting chain
* Support for --terse option in json
* Support for the reset command with json
-------------------------------------------------------------------
Tue Jun 16 13:37:28 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 0.9.6
* Fix two ASAN runtime errors
-------------------------------------------------------------------
Sat Jun 6 12:03:35 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 0.9.5
* Support for set counters.
* Support for restoring set element counters via nft -f.
* Counter support for flowtables.
* typeof concatenations support for sets.
* Support for concatenated ranges in anonymous sets.
* Allow to reject packets with 802.1q from the bridge family.
* Support for matching on the conntrack ID.
- Drop anonset-crashfix.patch (upstream solved differently)
-------------------------------------------------------------------
Thu May 7 11:41:07 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Add anonset-crashfix.patch [boo#1171321]
-------------------------------------------------------------------
Wed Apr 1 18:48:56 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 0.9.4
* Add a helper for concat expression handling.
* Add "typeof" build/parse/print support.
-------------------------------------------------------------------
Mon Dec 9 09:39:52 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Add json, python [boo#1158723]
-------------------------------------------------------------------
Tue Dec 3 09:09:28 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Update to release 0.9.3
* meta: Introduce new conditions "time", "day" and "hour".
* src: add ability to set/get secmarks to/from connection.
* flowtable: add support for named flowtable listing.
* flowtable: add support for delete command by handle.
* json: add support for element deletion.
* Add `-T` as the short option for `--numeric-time`.
* meta: add ibrpvid and ibrvproto support
-------------------------------------------------------------------
Mon Aug 19 12:37:45 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Update to new upstream release 0.9.2
* Transport header port matching, e.g. "th dport 53"
* Support for matching on IPv4 options
* Support for synproxy
-------------------------------------------------------------------
Sat Jan 19 20:53:09 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
- Remove unused dblatex BuildRequires, only needed for the optional
and disabled PDF generation (same contents as shipped manpage).
-------------------------------------------------------------------
Sat Jun 9 07:28:57 UTC 2018 - jengelh@inai.de
- Update to new upstream release 0.9.0
* Support to check if packet matches an existing socket.
* Support to limit number of active connections by arbitrary
criteria, such as ip addresses, networks, conntrack zones or
any combination thereof.
* Added support for "audit" logging.
-------------------------------------------------------------------
Fri May 11 07:30:10 UTC 2018 - jengelh@inai.de
- Update to new upstream release 0.8.5
* support to add/insert a rule at a given index position
* meter statement now supports a configureable upper max size
* timeouts for sets can now be specified in milliseconds
* re-add iptables-like empty skeleton rulesets
-------------------------------------------------------------------
Wed May 2 06:08:00 UTC 2018 - jengelh@inai.de
- Update to new upstream release 0.8.4
* Support to match IPv6 segment routing headers.
* New "meta ibrname" and "meta obrname" arguments to match the
name of the logical bridge a packet is passing through.
These new names replace the old (misnamed) "ibriport"/"obriport".
* `nft -a` will now show handle identifier for all objects,
including tables and chains.
* nft can now delete objects by their handle number.
* Support to update maps from the ruleset (packet path).
* the "--echo" option now prints handle id for tables and
object too.
* `nft -f -` will now read from standard input
* Support for flow tables, cf. man page or
https://lwn.net/Articles/738214/ .
-------------------------------------------------------------------
Sat Mar 3 22:59:01 UTC 2018 - jengelh@inai.de
- Update to new upstream release 0.8.3
* raw payload support to match headers that do not yet have
received a mnemonic.
-------------------------------------------------------------------
Sat Feb 3 14:26:36 UTC 2018 - jengelh@inai.de
- Update to new upstream release 0.8.2
* add secpath support
-------------------------------------------------------------------
Tue Jan 16 14:16:40 UTC 2018 - jengelh@inai.de
- Update to new upstream release 0.8.1
* This release deprecates the "flow table" syntax in favor
of "meter".
-------------------------------------------------------------------
Fri Oct 13 08:39:41 UTC 2017 - jengelh@inai.de
- Update to new upstream release 0.8
* This release contains new features available up to the
(upcoming) Linux 4.14 kernel release:
* Support for stateful objects, these objects are uniquely
identified by a user-defined name, you can refer to them from
rules, and there is a well established interface to operate
with them.
* Sort set elements when listing them, from lower to largest.
* TCP option matching and mangling support. This includes TCP
maximum segment size mangling.
* Add new "-s" option for listings without stateful information.
* Add new -c/--check option for nft, to tests if your ruleset
loads fine, into the kernel, this is a dry run mode.
* Connection tracking helper support.
* Add --echo option, to print the handle that the kernel
allocates to uniquely identify rules.
* Conntrack zone support
* Symmetric hash support
* Add support to include directories from nft natives scripts,
files are loaded in alphanumerical order.
* Allow to check if IPv6 extension header or TCP option exists
or is missing.
* Extend quota support to display used bytes.
* Add ct average matching, to match average bytes per packet a
connection has transferred so far, to map the existing
feature available in the iptables connbytes match.
* Allow to flush maps and flow tables.
* Allow to embed set definition into an existing set.
* Conntrack event filtering support via rule.
-------------------------------------------------------------------
Tue Dec 20 22:35:41 UTC 2016 - jengelh@inai.de
- Update to new upstream release 0.7
* Add new fib expression, which can be used to obtain the
output interface from the route table based on either source
or destination address of a packet.
* Support hashing of any arbitrary key combination, eg.
* Add number generation support. Useful for round-robin packet
mark setting.
* Add quota support, eg.
* Introduce routing expression, for routing related data with
support for nexthop
* Notrack support, to explicitly skip connection tracking for
matching packets.
* Support to set non-byte bound packet header fields, including
checksum adjustment.
* Add 'create set' and 'create element' commands.
* Allow to use variable reference for set element definitions.
* Allow to use variable definitions from element commands.
* Add support to flush set. You can use this new command to
remove all existing elements in a set.
* Inverted set lookups.
* Honor absolute and relative paths via include file, where:
* Support log flags, to enable logging TCP sequence and options.
* tc classid parser support, eg.
* Allow numeric connlabels, so if connlabel still works with
undefined labels.
-------------------------------------------------------------------
Thu Jun 2 18:31:23 UTC 2016 - jengelh@inai.de
- Update to new upstream release 0.6
* Rules may be replaced now
* Flow table support (requires Linux >= 4.3)
* Support for tracing
* Ratelimiting now supports units like bytes/second.
* Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol
-------------------------------------------------------------------
Thu Sep 17 21:16:31 UTC 2015 - jengelh@inai.de
- Update to new upstream release 0.5
* Support combinations of two or more selectors to build a tuple
* Timeout support for sets
* Dormant flag for tables
* Default chain policy specifiable on creation
-------------------------------------------------------------------
Sat May 23 23:06:12 UTC 2015 - mrueckert@suse.de
- set the url to the project page
- pass --disable-silent-rules to configure to allow gcc post build
check to work
-------------------------------------------------------------------
Tue Dec 16 01:25:00 UTC 2014 - jengelh@inai.de
- Update to new upstream release 0.4
* Since Linux 3.18: support for global ruleset operations
* Since 3.17: full logging support for all the families,
including nfnetlink_log
* 3.16: automatic selection of the optimal set implementation
* 3.14: reject support for ip, ip6 and inet
* 3.18: reject support for bridge, and reject icmpx abstraction
* 3.18: masquerade support
* 3.19: redirect support
* Extend meta to support pkttype, cpu and devgroup matching.
-------------------------------------------------------------------
Fri Jun 27 17:08:46 UTC 2014 - jengelh@inai.de
- Update to new upstream release 0.3
* More compact syntax for the queue action
* Match input and output bridge interface name through "meta
ibriport" and "meta obriport"
* netlink event monitor, to monitor ruleset events, set changes, etc.
* New transaction infrastructure - fully atomic updates for all
object available in the upcoming 3.16.
-------------------------------------------------------------------
Mon Jan 13 09:05:35 UTC 2014 - jengelh@inai.de
- Initial package for build.opensuse.org
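Review bot: In the 1.0.8 entry, "- Added 0001-Revert-py-replace-distutils-with-setuptools.patch" records the patch without saying why it is needed; state the reason there, since this file is where a later maintainer will look before deciding to drop it. Minor: "Enhacements" in the same entry should read "Enhancements", and several bullets in the 0.7 entry end in a dangling "eg." or "where:" with the example missing.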

64
nftables.keyring Normal file

@ -0,0 +1,64 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=wukb
-----END PGP PUBLIC KEY BLOCK-----
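Review bot: This key block is the only trust anchor for checking nftables-1.0.8.tar.xz.sig, yet nothing in the commit records which key it is. Put the expected fingerprint and where it was obtained in a spec comment next to Source3 or in nftables.changes, so that a later keyring replacement shows up as a reviewable change rather than an opaque blob swap.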

129
nftables.spec Normal file

@ -0,0 +1,129 @@
#
# spec file for package nftables
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: nftables
Version: 1.0.8
Release: 0
Summary: Userspace utility to access the nf_tables packet filter
License: GPL-2.0-only
Group: Productivity/Networking/Security
URL: https://netfilter.org/projects/nftables/
#Git-Clone: git://git.netfilter.org/nftables
Source: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz
Source2: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz.sig
Source3: %name.keyring
Patch1: 0001-Revert-py-replace-distutils-with-setuptools.patch
BuildRequires: asciidoc
BuildRequires: bison
BuildRequires: flex
BuildRequires: gmp-devel
BuildRequires: libtool
BuildRequires: pkg-config >= 0.21
BuildRequires: python3-base
BuildRequires: pkgconfig(jansson)
BuildRequires: pkgconfig(libedit)
BuildRequires: pkgconfig(libmnl) >= 1.0.4
BuildRequires: pkgconfig(libnftnl) >= 1.2.6
BuildRequires: pkgconfig(xtables) >= 1.6.1
%description
nf_tables is a firewalling mechanism in the Linux kernel, running
independently of and parallel to ip_tables, ip6_tables,
arp_tables and ebtables. nftables is the corresponsing userspace
frontend.
The nftables frontend features support for sets and dictionaries of arbitrary
types, meta data types, atomic incremental and full ruleset updates, and,
similar to iptables, support for different protocols, access to connection
tracking and NAT and logging.
%package -n libnftables1
Summary: nftables firewalling command interface
Group: System/Libraries
%description -n libnftables1
libnftables is the nftables command line interface placed into a
library.
%package devel
Summary: Development files for the nftables command line interface
Group: Development/Libraries/C and C++
Requires: libnftables1 = %version
%description devel
libnftables is the nftables command line interface placed into a
library.
This package contains the header files for the library.
%package -n python3-nftables
Summary: Python interface for nftables
Group: Development/Languages/Python
%description -n python3-nftables
A Python module for nftables.
%prep
%autosetup -p1
%build
autoreconf -fi
mkdir bin
ln -s "%_bindir/docbook-to-man" bin/docbook2x-man
export PATH="$PATH:$PWD/bin"
mkdir obj
pushd obj/
%define _configure ../configure
%configure --disable-silent-rules --disable-static --docdir="%_docdir/%name" \
--includedir="%_includedir/%name" --with-json \
--enable-python --with-python-bin="$(which python3)"
%make_build
popd
%install
b="%buildroot"
%make_install -C obj
rm -f "%buildroot/%_libdir"/*.la
mkdir -p "$b/%_docdir/%name/examples"
mv -v "$b/%_datadir/nftables"/*.nft "$b/%_docdir/%name/examples/"
%post -n libnftables1 -p /sbin/ldconfig
%postun -n libnftables1 -p /sbin/ldconfig
%files
%license COPYING
%_sysconfdir/nftables/
%_sbindir/nft
%_mandir/man5/*.5*
%_mandir/man8/nft*
%_docdir/%name/
%files -n libnftables1
%_libdir/libnftables.so.1*
%files devel
%_includedir/%name/
%_libdir/libnftables.so
%_libdir/pkgconfig/*.pc
%_mandir/man3/*.3*
%files -n python3-nftables
%python3_sitelib/nftables*
%changelog
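Review bot: Source and Source2 point at http://ftp.netfilter.org/pub/%name/ while URL already uses https://; switch both to an https:// location if upstream offers one, so the download does not rest on the signature check alone for integrity. In %build, `ln -s "%_bindir/docbook-to-man" bin/docbook2x-man` targets a tool that no BuildRequires line provides, so either add the dependency or drop the symlink together with the PATH export, and `$(which python3)` likewise assumes `which` is present in the build root (`command -v python3` avoids that). Minor: "corresponsing" in %description should be "corresponding".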