Package init

nftables.conf

@@ -0,0 +1,14 @@
+#
+# This this will contain your nftables rules and
+# is read by the systemd service when restarting
+#
+# These provide an iptables like set of filters
+# (uncomment to include)
+# include "/etc/nftables/bridge-filter"
+# include "/etc/nftables/inet-filter"
+# include "/etc/nftables/ipv4-filter"
+# include "/etc/nftables/ipv4-mangle"
+# include "/etc/nftables/ipv4-nat"
+# include "/etc/nftables/ipv6-filter"
+# include "/etc/nftables/ipv6-mangle"
+# include "/etc/nftables/ipv6-nat"

nftables.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Netfilter Tables
+Documentation=man:nft(8)
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ProtectSystem=full
+ProtectHome=true
+ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
+ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
+ExecStop=/sbin/nft flush ruleset
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

nftables.spec

@@ -0,0 +1,81 @@
+Name:           nftables
+Version:        0.9.0
+Release:        3
+Epoch:          1
+Summary:        A subsystem of the Linux kernel processing network data
+License:        GPLv2
+URL:            https://netfilter.org/projects/nftables/
+Source0:        http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2
+Source1:        nftables.service
+Source2:        nftables.conf
+
+BuildRequires:  gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd
+
+%description
+nftables is a subsystem of the Linux kernel providing filtering and classification of\
+network packets/datagrams/frames. 
+
+%package        devel
+Summary:        Development library for nftables / libnftables
+Requires:       %{name} = %{epoch}:%{version}-%{release}  pkgconfig
+
+%description devel
+Development tools and static libraries and header files for the libnftables library.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version}
+
+%build
+%configure --disable-silent-rules
+%make_build
+
+%install
+%make_install
+%delete_la
+
+chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*
+
+install -d $RPM_BUILD_ROOT/%{_unitdir}
+cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/
+
+install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
+cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/
+
+install -d $RPM_BUILD_ROOT/%{_sysconfdir}/nftables
+
+%post
+%systemd_post nftables.service
+
+%preun
+%systemd_preun nftables.service
+
+%postun
+%systemd_postun_with_restart nftables.service
+
+%ldconfig_scriptlets devel
+
+%files
+%defattr(-,root,root)
+%license COPYING
+%config(noreplace) %{_sysconfdir}/nftables/
+%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf
+%{_sbindir}/nft
+%{_libdir}/*.so.*
+%{_unitdir}/nftables.service
+
+%files devel
+%defattr(-,root,root)
+%{_includedir}/nftables/libnftables.h
+%{_libdir}/*.a
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+
+%files help
+%defattr(-,root,root)
+%{_mandir}/man8/nft*
+
+%changelog
+* Tue Sep 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:0.9.0-3
+- Package init