meta-google/recipes-google/nftables/files/nft-configure.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

#!/bin/bash
shopt -s nullglob
declare -A basemap=()
i=0
for dir in /run/nftables /etc/nftables /usr/share/nftables; do
  for file in "$dir"/*.rules; do
    basemap["${file##*/}$i"]="$file"
  done
  let i+=1
done

rules=""
trap 'rm -f -- "$rules"' TERM INT EXIT ERR
rules="$(mktemp)" || exit
echo 'flush ruleset' >"$rules"
for key in $(printf "%s\n" "${!basemap[@]}" | sort -r); do
  echo "Loading ${basemap[$key]}" >&2
  echo '' >>"$rules"
  cat "${basemap[$key]}" >>"$rules"
done
nft -f "$rules" || exit