OpenWrt nftables firewall https://git.openwrt.org/project/firewall4/atom?h=master 2022-09-01T09:32:27Z 2022-09-01T09:32:27Z Jo-Philipp Wich 2022-09-01T09:31:38Z urn:sha1:695e8211d1d02a2274f4bbf51c9017d4b29b653e The README swapped the meaning of the `ruleset-pre`/`ruleset-post` and `table-pre`/`table-post` include directories. Ref: https://forum.openwrt.org/t/x/135594/174 Signed-off-by: Jo-Philipp Wich <jo@mein.io> 2022-08-12T12:35:58Z Jo-Philipp Wich 2022-08-11T11:48:14Z urn:sha1:a4484d4612931800583a7219271b63224491244c Introduce a new directory tree /usr/share/nftables.d/ which may contain partial nftables files being included into the rendered ruleset. The include position is derived from the file path; - Files in .../nftables.d/table-pre/ and .../nftables.d/table-post/ are included before and after the `table inet fw4 { ... }` declaration respectively - Files in .../nftables.d/ruleset-pre/ and .../nftables.d/ruleset-post/ are included before the first chain and after the last chain declaration within the fw4 table respectively - Files in .../nftables.d/chain-pre/${chain}/ and .../chain-post/${chain}/ are included before the first and after the last rule within the mentioned chain of the fw4 table respectively Automatic includes can be disabled by setting the `auto_includes` option to `0` in the global defaults section. Also adjust testcases accordingly. Signed-off-by: Jo-Philipp Wich <jo@mein.io>