-rw-r--r--debian/README.Debian42
-rw-r--r--debian/changelog647
-rw-r--r--debian/clean1
-rw-r--r--debian/control106
-rw-r--r--debian/copyright493
-rw-r--r--debian/examples/README13
-rwxr-xr-xdebian/examples/nat.nft30
-rwxr-xr-xdebian/examples/overview.nft56
-rw-r--r--debian/examples/sysvinit/README14
-rw-r--r--debian/examples/sysvinit/nftables.init122
-rwxr-xr-xdebian/examples/workstation.nft25
-rw-r--r--debian/gbp.conf5
-rw-r--r--debian/gitlab-ci.yml6
-rw-r--r--debian/libnftables-dev.examples1
-rw-r--r--debian/libnftables-dev.install3
-rw-r--r--debian/libnftables1.install1
-rw-r--r--debian/libnftables1.lintian-overrides1
-rw-r--r--debian/libnftables1.manpages2
-rw-r--r--debian/libnftables1.symbols32
-rw-r--r--debian/nftables.conf15
-rw-r--r--debian/nftables.examples4
-rw-r--r--debian/nftables.install2
-rw-r--r--debian/nftables.links1
-rw-r--r--debian/nftables.lintian-overrides1
-rw-r--r--debian/nftables.manpages1
-rw-r--r--debian/nftables.service20
-rw-r--r--debian/not-installed1
-rwxr-xr-xdebian/rules46
-rw-r--r--debian/source/format1
-rw-r--r--debian/source/options2
-rw-r--r--debian/tests/control20
-rw-r--r--debian/tests/internaltest-monitor.sh14
-rw-r--r--debian/tests/internaltest-py.sh12
-rw-r--r--debian/tests/internaltest-shell.sh13
-rw-r--r--debian/tests/systemd-service-test.sh72
-rw-r--r--debian/upstream/signing-key.asc52
-rw-r--r--debian/watch3
37 files changed, 1880 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..7f13097
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,42 @@
+How to start
+============
+
+The nftables Debian package gives you access to the 'nft' utility.
+There is another component, in the kernel, which is the nf_tables subsystem.
+From the nft utility you control which rules are loaded into the kernel.
+
+The Debian package comes with some example ruleset you may use as a starting
+point. Check them at /usr/share/doc/nftables/examples/
+
+Extensive online documentation is available at:
+
+ https://wiki.nftables.org
+
+The default rules file in debian is /etc/nftables.conf
+
+Some basic commands
+===================
+
+Try these basic commands to know more about nftables on your machine:
+
+user@debian:~$ sudo nft list ruleset
+user@debian:~$ sudo nft flush ruleset
+user@debian:~$ sudo nft add table inet filter
+user@debian:~$ sudo nft add chain inet filter input { type filter hook input priority 0 \; policy drop }
+user@debian:~$ sudo nft add rule inet filter input ct state established counter accept
+user@debian:~$ sudo nft list ruleset
+
+System service (auto-load at boot)
+==================================
+
+This package includes a pre-configured systemd service file which you can
+optionally enable to auto-load your firewall at boot time.
+
+user@debian:~$ sudo systemctl enable nftables.service
+
+Migrating from iptables
+=======================
+
+Please read the docs at:
+
+ https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables
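Review bot: In "Some basic commands" the sequence runs `sudo nft flush ruleset` and then creates the input chain with `policy drop` before the only accept rule (`ct state established`) exists, so a reader following it over SSH would be cut off at the chain command and could not type the remaining lines; even when completed, nothing admits loopback or new inbound connections. Suggest a sentence stating that these commands replace the running ruleset and are meant to be tried from a local console, or create the chain with `policy accept`, add the rules, and only then switch the policy to drop. Minor wording: "some example ruleset" should be "some example rulesets", and "debian" in "The default rules file in debian" should be capitalized.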
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..d1acb70
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,647 @@
+nftables (1.0.9-1) unstable; urgency=medium
+
+ [ Jeremy Sowden ]
+ * [cceedbd] d/clean: add Python egg-info directory
+ * [26632e8] Use the upstream man-pages
+ * [7ace353] d/control: remove unused bison & flex build-deps
+
+ [ Arturo Borrero Gonzalez ]
+ * [83ff316] New upstream version 1.0.9
+ * [0b04e55] d/patches: drop patches integrated upstream
+ * [f6b44a9] d/libnftables1.symbols: refresh file
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 19 Oct 2023 16:11:15 +0200
+
+nftables (1.0.8-1) unstable; urgency=medium
+
+ [ Arturo Borrero Gonzalez ]
+ * [d80034c] d/upstream/signing-key.asc: refresh key
+ * [1cdf229] Revert "d/watch: use `pgpmode=auto`"
+ * [d13e924] New upstream version 1.0.8
+ * [f6e0491] d/patches: drop 0001-debian-bug-1038724.patch
+ * [464cb02] d/control: bump build-dep on libnftnl
+ * [1d65f36] d/control: add python3-setuptool build-dep
+ * [6b96c7c] d/patches: add 0001-py.patch
+
+ [ Jeremy Sowden ]
+ * [a8248a9] d/u/signing-key.asc: minimize key
+ * [243be3f] d/*.lintian-overrides: override typo false positives
+ * [cfe1e5a] d/rules: in-line configure options
+ * [242e961] d/rules: explicitly build python3 module
+ * [fbd4ae9] d/patches: add upstream patches to add pyproject.toml support
+ * [0b62d3e] d/control: add build-dep on pybuild-plugins-pyproject
+
+ -- Jeremy Sowden <jeremy@azazel.net> Thu, 03 Aug 2023 14:55:28 +0100
+
+nftables (1.0.7-2) unstable; urgency=medium
+
+ * [800ca9f] d/patches: add 0001-debian-bug-1038724.patch (Closes: #1038724)
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 20 Jun 2023 17:09:27 +0200
+
+nftables (1.0.7-1) unstable; urgency=medium
+
+ * [5012323] New upstream version 1.0.7
+ * [5965017] d/patches: drop invalid-octal-fix.patch
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 14 Mar 2023 12:36:06 +0100
+
+nftables (1.0.6-2) unstable; urgency=medium
+
+ [ Jeremy Sowden ]
+ * [5e89bdc] d/patches: add patch to fix handling of invalid octal strings
+ (Closes: #932880)
+ * [df007f6] d/control: bump Standards-Version to 4.6.2
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Sun, 29 Jan 2023 12:33:00 +0100
+
+nftables (1.0.6-1) unstable; urgency=medium
+
+ * [41c144c] d/gbp.conf: make pristine-tar config the default
+ * [69ab9ff] d/watch: refresh tarball extension, use tar.xz
+ * [d6a12b6] New upstream version 1.0.6 (Closes: #932877)
+ * [5bff90c] src:nftables: bump build-dep version libnftnl to 1.2.4
+ * [19569e2] d/patches: drop all patches
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 22 Dec 2022 12:14:49 +0100
+
+nftables (1.0.5-2) unstable; urgency=medium
+
+ [ Jeremy Sowden ]
+ * [14670b7] d/control: bump Standards-Version to 4.6.1
+ * [accc8cd] d/patches: add patch to fix listing of sets containing
+ unclosed prefix intervals (closes: #1018156)
+ * [f42c641] d/patches: add patch to fix typo's
+ * [46b0bd9] d/rules: `override_dh_fixperms` -> `execute_after_dh_fixperms`
+ * [b639b39] d/rules: fix non-reproducible dates in man-pages
+
+ [ Helmut Grohne ]
+ * [9b4c211] nftables: fix FTCBFS: B-D on a native python (Closes: #1022965)
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 03 Nov 2022 10:34:20 +0100
+
+nftables (1.0.5-1) unstable; urgency=medium
+
+ * [882aebc] New upstream version 1.0.5
+ * [d1e9d3f] src:nftables: bump build-dep on libnftnl-dev
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 10 Aug 2022 13:29:18 +0200
+
+nftables (1.0.4-2) unstable; urgency=medium
+
+ * [9e654e0] d/nftables.conf: use named priorities
+ * [0e9757f] d/u/signing-key.asc: minimize signing key
+ * [49d2aee] d/libnftables1.symbols: add `Build-Depends-Package` field
+ * [1a50850] d/control: set R³: no.
+ * [1699c66] d/control: add myself to uploaders.
+ * [cd9f31f] d/watch: use HTTPS URL
+ * [a6a05b6] d/watch: use `pgpmode=auto`
+ * [072624b] d/gbp.conf: buildpackage, import-orig: enable `pristine-tar`
+ * [92a12a3] d/gbp.conf: dch: set `id-length`
+ * [6ad5a0b] d/not-installed: remove static archive
+ * [c53e37d] d/rules: remove obsolete dh_installinit override
+ * [fb41a26] d/rules: move dh_auto_configure override
+ * [59c9317] d/rules: include architecture.mk
+ * [8f18fcd] d/rules: pass `--restart-after-upgrade` to dh_installsystemd
+ (closes: #1012613)
+ * [f9d8a42] d/copyright: remove obsolete files
+ * [75426a2] d/changelog: wrap long line
+
+ -- Jeremy Sowden <jeremy@azazel.net> Sun, 19 Jun 2022 18:04:19 +0100
+
+nftables (1.0.4-1) unstable; urgency=medium
+
+ [ Christian Ehrhardt ]
+ * [8b15f04] Fix version map usage and add symbols file
+ (Closes: #1007888 LP: #1965464)
+
+ [ Arturo Borrero Gonzalez ]
+ * [527715a] New upstream version 1.0.4
+ * [929b673] d/patches: drop all patches
+ * [1a1a7e5] d/control: bump build-dep on libnftnl
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 08 Jun 2022 00:59:59 +0200
+
+nftables (1.0.2-1) unstable; urgency=medium
+
+ [ Arturo Borrero Gonzalez ]
+ * d/examples/workstation.nft: update icmpv6 example (Closes: #1000407)
+
+ [ Sven Strickroth ]
+ * Add rules for ICMPv6 packets which must not be dropped
+
+ [ Arturo Borrero Gonzalez ]
+ * New upstream version 1.0.2
+ * d/patches: add 0001-examples-compile.patch
+ * libnftables-dev: include some code examples
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 23 Feb 2022 12:30:25 +0100
+
+nftables (1.0.1-1) unstable; urgency=medium
+
+ [ Jenkins ]
+ * [5be1165] Remove constraints unnecessary since buster
+
+ [ Arturo Borrero Gonzalez ]
+ * [ddc89dc] nftables: recommend netbase (Closes: #995343)
+ * [1187467] src:nftables: bump std-version to 4.6.0
+ * [ca1f8ef] d/copyright: refresh reference to libnftables.h
+ * [6d3871a] New upstream version 1.0.1
+ * [48ae700] src:nftables: bump build-dep on libnftnl to 1.2.1
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Fri, 19 Nov 2021 14:59:06 +0100
+
+nftables (1.0.0-1) unstable; urgency=medium
+
+ * [3d9fb4f] New upstream version 1.0.0
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Sat, 04 Sep 2021 18:45:41 +0200
+
+nftables (0.9.9-1~exp1) experimental; urgency=medium
+
+ * [8f1a46c] src:nftables: run wrap-and-sort
+ * [5d16ed2] python3-nftables: add Depends on python3-jsonschema
+ * [b63b60f] New upstream version 0.9.9
+ * [45dd54e] src:nftables: bump build-dep on libnftnl to 1.2.0
+ * [ffc9a3f] examples: relocate some upstream files
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 26 May 2021 12:32:25 +0200
+
+nftables (0.9.8-3) unstable; urgency=medium
+
+ * [94a6c9b] src:nftables: add docbook-xsl again as build-dep.
+ Thanks to Michael Biebl for the suggestion (Closes: #981641)
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 02 Feb 2021 17:25:57 +0100
+
+nftables (0.9.8-2) unstable; urgency=medium
+
+ [ Helmut Grohne ]
+ * [4eb3236] src:nftables: reduce Build-Depends (Closes: #981206)
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 27 Jan 2021 18:04:11 +0100
+
+nftables (0.9.8-1) unstable; urgency=medium
+
+ * [ccb440d] New upstream version 0.9.8
+ Closes: #944759
+ Closes: #933621
+ Closes: #932878
+ * [fb3429c] src:nftables: bump build-dep on libnftnl to 1.1.9
+ * [1539707] src:nftables: bump std-version to 4.5.1
+ * [48ea92d] src:nftables: switch to libeditreadline (Closes: #979103)
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Sun, 17 Jan 2021 18:48:39 +0100
+
+nftables (0.9.7-1) unstable; urgency=medium
+
+ * [8813565] d/t/control: mark nft -h test as superficial (Closes: #969851)
+ * [2a29c4f] d/upstream/signing-key.asc: refresh
+ * [eaf8b7f] New upstream version 0.9.7
+ * [80c259b] src:nftables: bump build-dep on libnftnl to 1.1.8
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 28 Oct 2020 16:01:29 +0100
+
+nftables (0.9.6-1) unstable; urgency=medium
+
+ * [e2f26f2] New upstream version 0.9.6 (Closes: #962909)
+ * [a203bd9] nftables: bump libmnl build-dep version to 1.0.4
+ * [e7a683f] tests: only run them with kernels >= 5.x
+ * [517865d] src:nftables: bump std-version to 4.5.0
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 16 Jun 2020 10:46:53 +0200
+
+nftables (0.9.5-1) unstable; urgency=medium
+
+ * [15ebe06] New upstream version 0.9.5
+ * [1cc07ee] build-deps: bump libnftnl requirement to 1.1.7
+ * [34f7c95] src:nftables: bump debhelper compat level to 13
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 08 Jun 2020 11:11:53 +0200
+
+nftables (0.9.4-1) unstable; urgency=medium
+
+ * [41441b9] New upstream version 0.9.4
+ * [9de28bb] d/patches: drop 0001-upstream-py-load-soname.patch
+ * [7c044e8] src:nftables: bump build-dep on libnftnl to 1.1.6
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 02 Apr 2020 12:30:12 +0200
+
+nftables (0.9.3-2) unstable; urgency=medium
+
+ [ Debian Janitor ]
+ * Use secure URI in Homepage field.
+ * Set debhelper-compat version in Build-Depends.
+ * Re-export upstream signing key without extra signatures.
+ * debian/copyright: use spaces rather than tabs to start continuation
+ lines.
+ * Drop unnecessary dependency on dh-autoreconf.
+ * Use canonical URL in Vcs-Git.
+
+ [ Chris Lamb ]
+ * [24184a4] nftables: don't install example Makefile (Closes: #946332)
+
+ [ Arturo Borrero Gonzalez ]
+ * [7d2cf78] d/patches: add 0001-upstream-py-load-soname.patch
+ (Closes: #946219)
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 17 Dec 2019 13:49:23 +0100
+
+nftables (0.9.3-1) unstable; urgency=medium
+
+ * This release was packaged and uploaded to Debian while on a 300km/h train.
+ Hope it works :-)
+ * [01e140c] New upstream version 0.9.3
+ Closes: #944669
+ Closes: #916863
+ * [1674c79] src:nftables: bump build-dep version on linftnl
+ * [7074517] d/patches: drop patches included in latest upstream release
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 03 Dec 2019 14:03:14 +0100
+
+nftables (0.9.2-2) unstable; urgency=medium
+
+ [ Konstantin Demin ]
+ * [9c626fc] d/rules: build less verbose if requested
+
+ [ Arturo Borrero Gonzalez ]
+ * [ba5d4d0] nftables: add Suggests: firewalld
+ * [f8bea94] nftables: add upstream patches to address firewalld testsuite
+ failures (Closes: #939838)
+ * [35f35af] src:nftables: bump std-version to 4.4.1
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 09 Oct 2019 19:40:31 +0200
+
+nftables (0.9.2-1) unstable; urgency=medium
+
+ * [d29de9d] New upstream version 0.9.2
+ * [27aa9aa] src:nftables: bump build-dep on libnftnl to 1.1.4
+ * [2b73890] src:nftables: drop all patches, now included in upstream source
+ * [4ff7527] d/rules: make build more verbose by default
+ * [990710e] nftables: include more upstream example files
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 28 Aug 2019 13:22:32 +0200
+
+nftables (0.9.1-3) unstable; urgency=medium
+
+ * [609ee76] d/README.Debian: refresh file
+ * [3255aaa] src:nftables: run wrap-and-sort
+ * [5337001] nftables: raise package priority to important
+ * [09b720f] src:nftables: add docbook-xsl build-dep
+ * [9db946c] src:nftables: bump debhelper compat to 12
+ * [4f0bb1d] nftables.maintscript: introduce file
+ * [1b54808] d/patches: add BE fixtures (Closes: #934740)
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 15 Aug 2019 15:01:49 +0200
+
+nftables (0.9.1-2) unstable; urgency=medium
+
+ * [9dc1bd1] d/control: bump std-version to 4.4.0
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 10 Jul 2019 11:19:29 +0200
+
+nftables (0.9.1-1~exp1) experimental; urgency=medium
+
+ * [683e6f1] src:nftables: add salsa CI support
+ * [23e5163] d/watch: add missing line break
+ * [b6500d8] d/upstream/signing-key.asc: refresh key
+ * [b326349] New upstream version 0.9.1
+ * [bf731ca] d/patches: drop reproducible.patch
+ * [29aa197] nftables: refresh build-dep for documentation
+ * [9d4cbf9] nftables: bump libnftnl build-dep version requirement
+ * [6d3bbe5] d/patches: add build_docs.patch
+ * [d041ac8] nftables-dbg: drop debug symbol migration relationship depends
+ * [b1c680a] libnftables: bump SONAME from 0 to 1
+ * [8f39f4d] libnftables1: include additional manpages
+ * [40f70bf] d/copyright: refresh file
+ * [edb2911] python3-nftables: introduce new binary package
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 26 Jun 2019 13:43:47 +0200
+
+nftables (0.9.0-2) unstable; urgency=medium
+
+ * [0509603] d/t/control: mark internaltest-shell.sh as flaky (Closes: #903083)
+ * [79434be] d/t: run monitor testsuite
+ * [9b254aa] nftables: enable JSON support
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 03 Dec 2018 14:11:14 +0100
+
+nftables (0.9.0-1) unstable; urgency=medium
+
+ * [d1ad0df] d/t/internaltest-shell.sh: use installed nft binary
+ * [b857e27] d/control: add multiarch support for both libnftables0 and
+ libnftables-dev
+ * [94ba918] New upstream version 0.9.0
+ * [b76ced6] d/control: bump build-dep on libnftnl
+ * [f4bbe12] d/control: bump std-versions to 4.1.4
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Sat, 09 Jun 2018 14:47:07 +0200
+
+nftables (0.8.5-1) unstable; urgency=medium
+
+ * [c135598] d/t/control: disable internaltest-py.sh
+ * [c64af79] d/control: bump libnftnl buld-dep version to 1.1.0
+ (Closes: #898538)
+ * [6c014f1] New upstream version 0.8.5
+ * [bc3bf1c] d/patches/: drop rename_libnftables_h.patch
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 15 May 2018 10:54:19 +0200
+
+nftables (0.8.4-1) unstable; urgency=medium
+
+ * [7c20e29] New upstream version 0.8.4
+ * [4d1ae20] libnftables: introduce binary packages
+ * [fe2897f] d/copyright: refresh with libnftables
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 03 May 2018 19:46:30 +0200
+
+nftables (0.8.3-1) unstable; urgency=medium
+
+ * [2cc4fde] New upstream version 0.8.3
+ * [b2ad2f6] nftables: refresh example files
+ * [680e9d0] d/rules: use dh_installsystemd
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Sun, 04 Mar 2018 22:01:25 +0100
+
+nftables (0.8.2-1) unstable; urgency=medium
+
+ [ Helmut Grohne ]
+ * [159958f] d/rules: use dh_auto_configure (Closes: #888715)
+
+ [ Arturo Borrero Gonzalez ]
+ * [66b45dd] New upstream version 0.8.2
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Fri, 02 Feb 2018 19:57:44 +0100
+
+nftables (0.8.1-1) unstable; urgency=medium
+
+ * [46be8e1] d/control: update git URLs
+ * [77d8cc2] New upstream version 0.8.1
+ * [57c711b] d/control: bump build-dep on libnftnl
+ * [517ecd2] d/control: bump std-version to 4.1.3
+ * [bc590c4] d/compat: bump dh compat to 11
+ * [68fbe65] d/copyright: use HTTPS in the URL
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 17 Jan 2018 14:55:14 +0100
+
+nftables (0.8-2) unstable; urgency=medium
+
+ * [95b5638] d/t/internaltest-py.sh: enable test, dummy module not required
+ * [a5f037d] d/control: bump build-dep version on libxtables to 1.6.1.
+ Thanks to James Clarke for the report.
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 27 Nov 2017 13:07:24 +0100
+
+nftables (0.8-1) unstable; urgency=medium
+
+ [ Alexander Greiner-Bär ]
+ * [4157de9] nftables.service: use correct order in systemd unit file
+ (Closes: #873856)
+
+ [ Arturo Borrero Gonzalez ]
+ * [311b618] New upstream version 0.8
+ * [b38f21a] d/control: bump libnftnl dependency to 1.0.8
+ * [19f5962] d/control: bump std-version to 4.1.1
+ * [7d95221] d/watch: ignore nftables upstream version 0.100 and 0.099
+ * [da499c0] d/control: update package description
+ * [734076e] nftables: update package documentation
+ * [8883735] d/copyright: refresh file
+ * [c5af3f3] d/control: drop old depends of dh- packages
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 18 Oct 2017 01:00:05 +0200
+
+nftables (0.7-2) unstable; urgency=medium
+
+ [ Arturo Borrero Gonzalez ]
+ * [058867f] d/control: move package to pkg-netfilter
+
+ [ Martin Dickopp ]
+ * [bf9bd6e] nftables.service: load firewall earlier in the boot process
+ (Closes: #866902)
+
+ [ Arturo Borrero Gonzalez ]
+ * [772f6ea] d/control: bump std-version to 4.0.0
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 03 Jul 2017 09:23:22 +0200
+
+nftables (0.7-1) unstable; urgency=medium
+
+ * [c7b6524] New upstream version 0.7
+ * [b061528] nftables: switch to debhelper compat 10
+ * [33238bc] nftables-dbg: switch to -dbgsym package
+ * [4d838e4] d/control: bump dependency on libnftnl
+ * [0fac534] d/control: refresh kernel version reference in nftables
+ description
+ * [625229a] d/rules: enable hardening
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 22 Dec 2016 11:21:01 +0100
+
+nftables (0.6+snapshot20161117-2) unstable; urgency=medium
+
+ * [078c41a] d/tests/: disable internaltest-py.sh
+ * [0560a63] nftables-dbg: use Multi-Arch: same
+ * [f2ace74] nftables: don't use libxtables11
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 23 Nov 2016 12:43:46 +0100
+
+nftables (0.6+snapshot20161117-1) unstable; urgency=medium
+
+ * [2540606] New upstream version 0.6+snapshot20161117
+ * [8879bd0] d/control: bump build-dep on libnftnl 1.0.6+snapshot20161117
+ * [f90e51c] nftables: enable libxtables integration
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 17 Nov 2016 11:30:33 +0100
+
+nftables (0.6-3) unstable; urgency=medium
+
+ * [c4cacdd] d/: update email address to 'arturo@debian.org'
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 10 Oct 2016 11:10:16 +0200
+
+nftables (0.6-2) unstable; urgency=medium
+
+ * [2ff280b] d/tests/systemd-service-test.sh: dont use echo in the
+ initial warning
+ * [89a01ba] d/tests/internaltests-shell.sh: dont' run testsuite if
+ kernel is < 4.x
+ * [59e6ac2] d/nftables.{postinst,postrm,preinst}: gracefully delete
+ /etc/init.d/nftables (Closes: #833078)
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 01 Aug 2016 12:26:56 +0200
+
+nftables (0.6-1) unstable; urgency=medium
+
+ * [5564626] Imported Upstream version 0.6
+ * [65ce938] d/control: bump dependency version on libnftnl
+ * [2127d04] d/control: adjust dependecy on libmnl 1.0.3
+ * [d18e174] d/control: point to linux 4.7 in package descriptions
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 03 Jun 2016 10:31:34 +0200
+
+nftables (0.5+snapshot20160509-1) unstable; urgency=medium
+
+ * [5a7c867] d/tests/internaltests-py.sh: run testsuite with installed
+ binary
+ * [b2282c4] d/tests/systemd-service-test.sh: don't run tests if old
+ kernel is present
+ * [b389985] Imported Upstream version 0.5+snapshot20160509
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 09 May 2016 13:58:32 +0200
+
+nftables (0.5+snapshot20160426-1) unstable; urgency=medium
+
+ * [955e138] d/tests/systemd-service-test.sh: adapt script to
+ ci.debian.net
+ * [ad1699a] Imported Upstream version 0.5+snapshot20160426
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 26 Apr 2016 11:01:18 +0200
+
+nftables (0.5+snapshot20160419-3) unstable; urgency=medium
+
+ * [f1d8880] d/control: bump standars-version to 3.9.8
+ * [65bae17] d/tests: add systemd-service-test.sh
+ * [e2e4cd7] d/tests: include script extension in file names
+ * [fd16851] d/: gracefully delete old config files from /etc/nftables
+ (Closes: #822239)
+ * [af57b91] d/rules: prevent dh_installinit to act on
+ /etc/init.d/nftables
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 25 Apr 2016 11:37:00 +0200
+
+nftables (0.5+snapshot20160419-2) unstable; urgency=medium
+
+ * [cf22dca] d/tests/control: internaltests-shell requires kmod
+ * [dd847bb] d/README.Debian: fix several typos
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 20 Apr 2016 17:25:50 +0200
+
+nftables (0.5+snapshot20160419-1) unstable; urgency=medium
+
+ * [88b9c37] d/rules: don't add /etc/nftables/ dir to 'nftables' binary package
+ * [e0472f0] sysvinit: the init script is now just an example
+ * [f89907b] examples: restore upstream examples
+ * [8228918] d/nftables.examples: cleanup leftover line regarding upstream
+ examples
+ * [0655029] nftables.conf: provide a skeleton firewall and use the old one as
+ example (Closes: #804648)
+ * [dc504e4] examples/syntax/README: point to the nftables wiki
+ * [ecd9257] examples/syntax/nat: add new example file
+ * [406baf9] examples/syntax/: add a new example file: overview
+ * [3fa3d3e] d/control: bump standards to 3.9.7
+ * [79a8520] Imported Upstream version 0.5+snapshot20160419
+ * [775f2af] d/control: get rid of XS-Testsuite
+ * [9ac90db] d/control: change Vcs-git from git:// to https://
+ * [b4b8ee7] d/control: bump dependency with libnftnl
+ * [9e6b0eb] d/tests: run internal nftables tests (shell)
+ * [f8e3da1] d/tests: run internal nftables tests (py)
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 20 Apr 2016 12:00:22 +0200
+
+nftables (0.5+snapshot20151106-1) unstable; urgency=medium
+
+ * [bd1e71f] Imported Upstream version 0.5+snapshot20151106
+ * [b7e3c39] d/control: bump build-dep on libnftnl
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 06 Nov 2015 13:32:49 +0100
+
+nftables (0.5-2) unstable; urgency=medium
+
+ * [92938c3] d/rules: get rid of useless commented line
+ * [a04a737] d/: add nftables-dbg binary package
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 13 Oct 2015 14:03:25 +0200
+
+nftables (0.5-1) unstable; urgency=medium
+
+ * [007a8d0] Imported Upstream version 0.5
+ * [9a90c87] d/control: nftables 0.5 requires libnftnl >= 1.0.5
+ * [17fdcc1] d/control: update nftables description: linux 4.2 recommended
+ * [a473529] d/copyright: update file to include latest changes in v0.5
+ * [4a9deac] d/copyright: drop copyright for debian/*
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 18 Sep 2015 11:44:21 +0200
+
+nftables (0.4-7) unstable; urgency=medium
+
+ [ Vincent Blut ]
+ * [0fc181f] d/copyright: fix missing doc/nft.xml license (Closes: #795096)
+
+ [ Arturo Borrero Gonzalez ]
+ * [ae662e4] d/rules: drop get-orig-source code
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 17 Aug 2015 11:20:15 +0200
+
+nftables (0.4-6) unstable; urgency=medium
+
+ * [4f9fbf0] d/tests/control: add restriction to run test as root
+ * [be594d3] nftables.conf: improve icmpv6 support
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 15 May 2015 12:53:09 +0200
+
+nftables (0.4-5) unstable; urgency=medium
+
+ * [231244a] sysvinit: don't start the service by default
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 06 May 2015 11:56:10 +0200
+
+nftables (0.4-4) unstable; urgency=medium
+
+ * [c8b825e] /etc/init.d/nftables: fix inverted logic in status op.
+ Thanks to Manolo Diaz for the fast report (Closes: #783608)
+ * [2105ccb] source: make the build reproducible
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 05 May 2015 12:15:33 +0200
+
+nftables (0.4-3) unstable; urgency=medium
+
+ * [d42d50f] d/nftables.init: doesn't require networking to stop
+ * [ceee9cb] d/nftables.service: the service is of Type=oneshot
+ * [8415993] d/nftables.init: fix bashism in status operation.
+ Thanks to Manolo Diaz for the bug report (Closes: #775875)
+ * [a0e197a] d/tests: add basic autopkgtest support
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 20 Mar 2015 21:27:46 +0100
+
+nftables (0.4-2) unstable; urgency=medium
+
+ * Both a /etc/init.d/nftables and a nftables.service files are distributed
+ for admins to easily make nftables theirs system firewalls.
+ * [2237bad] d/nftables.examples: only ship upstream examples, not in
+ /etc/nftables
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 09 Jan 2015 14:59:47 +0100
+
+nftables (0.4-1) unstable; urgency=medium
+
+ * [b187410] d/control: bump standars to 3.9.6
+ * [2021272] Imported Upstream version 0.4 (Closes: #773401)
+ * [8b73e74] d/patches/: drop all v0.3 patches
+ * [bff758e] d/control: depends on libnftnl >= 1.0.3
+ * [0e2023b] d/copyright: put more general statement first
+ * [b382dff] d/rules: fix perms of files under /etc/nftables
+ * [96252e6] d/rules: disable silent rules
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 22 Dec 2014 10:33:33 +0100
+
+nftables (0.3-1) unstable; urgency=medium
+
+ * [3a4f54a] d/patches: patch to harden the build
+ * [b6c82d5] Imported Upstream version 0.3
+ * [98e5eb7] d/control: depends on libnftnl >= 1.0.2
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 25 Jun 2014 19:02:59 +0200
+
+nftables (0.2-2) unstable; urgency=low
+
+ * [6aa52bf] d/README.Debian: fix Patrick McHardy name
+ * [ca0e8ba] d/nftables.links: fix broken links file
+ * [7492a48] d/rules: delete override for dh_auto_test
+ * [1aca9dd] d/patches: improve verbose_build.patch
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 27 May 2014 11:14:48 +0200
+
+nftables (0.2-1) unstable; urgency=low
+
+ * Initial release (Closes: #522176)
+
+ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 09 May 2014 19:22:44 +0100
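Review bot: The 1.0.8-1 entry lists `Revert "d/watch: use pgpmode=auto"` directly after a refresh of d/upstream/signing-key.asc without giving a reason; since the pgpmode setting in d/watch governs how the upstream tarball signature is checked against that key, the entry should say why the change was reverted and which mode is in effect afterwards. The same entry names `python3-setuptool` and `pybuild-plugins-pyproject`, while debian/control in this diff lists `python3-setuptools` and `pybuild-plugin-pyproject`; a reader searching the changelog for the actual package names will not find them.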
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..e8a6465
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1 @@
+py/nftables.egg-info/
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..716fd8d
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,106 @@
+Source: nftables
+Section: net
+Priority: important
+Maintainer: Debian Netfilter Packaging Team <pkg-netfilter-team@lists.alioth.debian.org>
+Uploaders: Arturo Borrero Gonzalez <arturo@debian.org>,
+ Jeremy Sowden <jeremy@azazel.net>
+Build-Depends: automake,
+ debhelper-compat (= 13),
+ dh-python,
+ libeditreadline-dev,
+ libgmp-dev,
+ libjansson-dev,
+ libmnl-dev,
+ libnftnl-dev (>= 1.2.6),
+ libtool,
+ libxtables-dev,
+ pybuild-plugin-pyproject,
+ python3-all:any,
+ python3-setuptools
+Rules-Requires-Root: no
+Standards-Version: 4.6.2
+Homepage: https://www.netfilter.org/
+Vcs-Git: https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git
+Vcs-Browser: https://salsa.debian.org/pkg-netfilter-team/pkg-nftables
+
+Package: nftables
+Architecture: linux-any
+Depends: libnftables1 (=${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
+Recommends: netbase
+Suggests: firewalld
+Description: Program to control packet filtering rules by Netfilter project
+ This software provides an in-kernel packet classification framework that is
+ based on a network-specific Virtual Machine (VM) and the nft userspace
+ command line tool. The nftables framework reuses the existing Netfilter
+ subsystems such as the existing hook infrastructure, the connection tracking
+ system, NAT, userspace queueing and logging subsystem.
+ .
+ nftables replaces the old popular iptables, ip6tables, arptables and ebtables.
+ .
+ Netfilter software and nftables in particular are used in applications such
+ as Internet connection sharing, firewalls, IP accounting, transparent
+ proxying, advanced routing and traffic control.
+ .
+ A Linux kernel >= 3.13 is required. However, >= 4.14 is recommended.
+
+Package: libnftables-dev
+Section: libdevel
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Depends: libnftables1 (=${binary:Version}), ${misc:Depends}
+Description: Development files for libnftables
+ This library provides high level semantics to interact with the nftables
+ framework by Netfilter project.
+ .
+ nftables replaces the old popular iptables, ip6tables, arptables and ebtables.
+ .
+ Netfilter software and nftables in particular are used in applications such
+ as Internet connection sharing, firewalls, IP accounting, transparent
+ proxying, advanced routing and traffic control.
+ .
+ A Linux kernel >= 3.13 is required. However, >= 4.14 is recommended.
+ .
+ This package provides development files and static libraries.
+
+Package: libnftables1
+Section: libs
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: Netfilter nftables high level userspace API library
+ This library provides high level semantics to interact with the nftables
+ framework by Netfilter project.
+ .
+ nftables replaces the old popular iptables, ip6tables, arptables and ebtables.
+ .
+ Netfilter software and nftables in particular are used in applications such
+ as Internet connection sharing, firewalls, IP accounting, transparent
+ proxying, advanced routing and traffic control.
+ .
+ A Linux kernel >= 3.13 is required. However, >= 4.14 is recommended.
+ .
+ This package contains the libnftables library.
+
+Package: python3-nftables
+Priority: optional
+Section: python
+Architecture: linux-any
+Depends: libnftables1 (=${binary:Version}),
+ python3-jsonschema,
+ ${misc:Depends},
+ ${python3:Depends}
+Description: nftables/libnftables python3 module
+ The libnftables library provides high level semantics to interact with the
+ nftables framework by the Netfilter project.
+ .
+ nftables replaces the old popular iptables, ip6tables, arptables and ebtables.
+ .
+ Netfilter software and nftables in particular are used in applications such
+ as Internet connection sharing, firewalls, IP accounting, transparent
+ proxying, advanced routing and traffic control.
+ .
+ A Linux kernel >= 3.13 is required. However, >= 4.14 is recommended.
+ .
+ This package contains the libnftables python3 bindings.
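Review bot: the libnftables-dev description ends with "This package provides development files and static libraries.", but debian/libnftables-dev.install in this same commit lists only libnftables.so, the headers and the pkgconfig files, with no .a archive. Either drop "and static libraries" from the description or install the static library. The libnftables-dev and libnftables1 descriptions also say "framework by Netfilter project" while python3-nftables says "by the Netfilter project"; use one wording in all three stanzas.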
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..c6b8917
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,493 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: nftables
+Source: http://git.netfilter.org/nftables
+
+Files: *
+Copyright: 2008 Patrick McHardy <kaber@trash.net>
+License: GPL-2
+
+Files: tests/py/nft-test.py
+Copyright: 2014 Ana Rey Botello <anarey@gmail.com>
+License: GPL-2+
+
+Files: src/nfnl_osf.c
+Copyright: 2005 Evgeniy Polyakov <johnpol@2ka.mxt.ru>
+License: GPL-2+
+
+Files: py/nftables.py
+Copyright: 2018 Phil Sutter <phil@nwl.cc>
+License: GPL-2
+
+Files: src/libnftables.c include/nftables/libnftables.h
+Copyright: 2017 Eric Leblond <eric@regit.org>
+License: GPL-2
+
+Files: src/netlink.c
+Copyright: 2008-2012 Patrick McHardy <kaber@trash.net>
+ 2013 Pablo Neira Ayuso <pablo@netfilter.org>
+License: GPL-2
+
+Files: src/netlink_delinearize.c src/netlink_linearize.c
+Copyright: 2008 Patrick McHardy <kaber@trash.net>
+ 2013 Pablo Neira Ayuso <pablo@netfilter.org>
+License: GPL-2
+
+Files: src/mnl.c
+Copyright: 2013 Pablo Neira Ayuso <pablo@netfilter.org>
+License: GPL-2
+
+Files: src/iface.c
+Copyright: 2015 Pablo Neira Ayuso <pablo@netfilter.org>
+License: GPL-2
+
+Files: src/hash.c
+Copyright: 2016 Pablo Neira Ayuso <pablo@netfilter.org>
+License: GPL-2
+
+Files: src/mini-gmp.c include/mini-gmp.h
+Copyright: 1991-1997, 1999-2014, Free Software Foundation, Inc
+License: GPL-2+
+
+Files: src/xt.c
+Copyright: 2013-2015 Pablo Neira Ayuso <pablo@netfilter.org>
+ 2015 Arturo Borrero Gonzalez <arturo@debian.org>
+License: GPL-2
+
+Files: src/mergesort.c
+Copyright: 2017 Elise Lennion <elise.lennion@gmail.com>
+License: GPL-2
+
+Files: src/rt.c
+Copyright: 2016 Anders K. Pedersen <akp@cohaesio.com>
+License: GPL-2
+
+Files: src/fib.c
+Copyright: Red Hat GmbH
+License: GPL-2
+
+Files: include/linux/netfilter_arp.h
+Copyright: 2002 Rusty Russell - IBM
+License: GPL-2
+
+Files: include/linux/netfilter_decnet.h
+Copyright: 1999 Steve Whitehouse
+ 1998 Rusty Russell
+License: GPL-2
+
+Files: include/linux/netfilter_ipv6.h
+Copyright: 1998 Rusty Russell
+ 1999 David Jeffery
+License: GPL-2
+
+Files: include/linux/netfilter_ipv4.h
+Copyright: 1998 Rusty Russell
+License: GPL-2
+
+Files: files/osf/pf.os
+Copyright: 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
+ 2003 by Mike Frantzen <frantzen@w4g.org>
+License: GPL-2
+
+Files: doc/nft.txt
+Copyright: 2008-2014 Patrick McHardy <kaber@trash.net>
+License: CC-BY-SA-4.0
+
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published by
+ the Free Software Foundation.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Library General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+License: CC-BY-SA-4.0
+ Creative Commons Attribution-ShareAlike 4.0 International
+ .
+ Creative Commons Corporation (“Creative Commons”) is not a law firm and does
+ not provide legal services or legal advice. Distribution of Creative Commons
+ public licenses does not create a lawyer-client or other relationship.
+ Creative Commons makes its licenses and related information available on an
+ “as-is” basis. Creative Commons gives no warranties regarding its licenses,
+ any material licensed under their terms and conditions, or any related
+ information. Creative Commons disclaims all liability for damages resulting
+ from their use to the fullest extent possible. Using Creative Commons Public
+ Licenses Creative Commons public licenses provide a standard set of terms and
+ conditions that creators and other rights holders may use to share original
+ works of authorship and other material subject to copyright and certain other
+ rights specified in the public license below. The following considerations
+ are for informational purposes only, are not exhaustive, and do not form part
+ of our licenses. Considerations for licensors: Our public licenses are
+ intended for use by those authorized to give the public permission to use
+ material in ways otherwise restricted by copyright and certain other rights.
+ Our licenses are irrevocable. Licensors should read and understand the terms
+ and conditions of the license they choose before applying it. Licensors
+ should also secure all rights necessary before applying our licenses so that
+ the public can reuse the material as expected. Licensors should clearly mark
+ any material not subject to the license. This includes other CC-licensed
+ material, or material used under an exception or limitation to copyright.
+ More considerations for licensors. Considerations for the public: By using
+ one of our public licenses, a licensor grants the public permission to use
+ the licensed material under specified terms and conditions. If the licensor’s
+ permission is not necessary for any reason–for example, because of any
+ applicable exception or limitation to copyright–then that use is not
+ regulated by the license. Our licenses grant only permissions under copyright
+ and certain other rights that a licensor has authority to grant. Use of
+ the licensed material may still be restricted for other reasons, including
+ because others have copyright or other rights in the material. A licensor
+ may make special requests, such as asking that all changes be marked or
+ described. Although not required by our licenses, you are encouraged to
+ respect those requests where reasonable. More considerations for the public.
+ .
+ Creative Commons Attribution-ShareAlike 4.0 International Public License
+ .
+ By exercising the Licensed Rights (defined below), You accept and agree
+ to be bound by the terms and conditions of this Creative Commons
+ Attribution-ShareAlike 4.0 International Public License ("Public License").
+ To the extent this Public License may be interpreted as a contract, You are
+ granted the Licensed Rights in consideration of Your acceptance of these
+ terms and conditions, and the Licensor grants You such rights in consideration
+ of benefits the Licensor receives from making the Licensed Material available
+ under these terms and conditions.
+ .
+ Section 1 – Definitions.
+ .
+ a. Adapted Material means material subject to Copyright and Similar Rights
+ that is derived from or based upon the Licensed Material and in which the
+ Licensed Material is translated, altered, arranged, transformed, or
+ otherwise modified in a manner requiring permission under the Copyright
+ and Similar Rights held by the Licensor. For purposes of this Public
+ License, where the Licensed Material is a musical work, performance, or
+ sound recording, Adapted Material is always produced where the Licensed
+ Material is synched in timed relation with a moving image.
+ .
+ b. Adapter's License means the license You apply to Your Copyright and
+ Similar Rights in Your contributions to Adapted Material in accordance
+ with the terms and conditions of this Public License.
+ .
+ c. BY-SA Compatible License means a license listed at
+ creativecommons.org/compatiblelicenses, approved by Creative Commons
+ as essentially the equivalent of this Public License.
+ .
+ d. Copyright and Similar Rights means copyright and/or similar rights closely
+ related to copyright including, without limitation, performance,
+ broadcast, sound recording, and Sui Generis Database Rights, without
+ regard to how the rights are labeled or categorized. For purposes of this
+ Public License, the rights specified in Section 2(b)(1)-(2) are not
+ Copyright and Similar Rights.
+ .
+ e. Effective Technological Measures means those measures that, in the absence
+ of proper authority, may not be circumvented under laws fulfilling
+ obligations under Article 11 of the WIPO Copyright Treaty adopted on
+ December 20, 1996, and/or similar international agreements.
+ .
+ f. Exceptions and Limitations means fair use, fair dealing, and/or any other
+ exception or limitation to Copyright and Similar Rights that applies to
+ Your use of the Licensed Material.
+ .
+ g. License Elements means the license attributes listed in the name of a
+ Creative Commons Public License. The License Elements of this Public
+ License are Attribution and ShareAlike.
+ .
+ h. Licensed Material means the artistic or literary work, database, or other
+ material to which the Licensor applied this Public License.
+ .
+ i. Licensed Rights means the rights granted to You subject to the terms and
+ conditions of this Public License, which are limited to all Copyright and
+ Similar Rights that apply to Your use of the Licensed Material and that
+ the Licensor has authority to license.
+ .
+ j. Licensor means the individual(s) or entity(ies) granting rights under this
+ Public License.
+ .
+ k. Share means to provide material to the public by any means or process that
+ requires permission under the Licensed Rights, such as reproduction,
+ public display, public performance, distribution, dissemination,
+ communication, or importation, and to make material available to the
+ public including in ways that members of the public may access the
+ material from a place and at a time individually chosen by them.
+ .
+ l. Sui Generis Database Rights means rights other than copyright resulting
+ from Directive 96/9/EC of the European Parliament and of the Council of
+ 11 March 1996 on the legal protection of databases, as amended and/or
+ succeeded, as well as other essentially equivalent rights anywhere in the
+ world.
+ .
+ m. You means the individual or entity exercising the Licensed Rights under
+ this Public License. Your has a corresponding meaning.
+ .
+ Section 2 – Scope.
+ .
+ a. License grant.
+ .
+ 1. Subject to the terms and conditions of this Public License, the
+ Licensor hereby grants You a worldwide, royalty-free,
+ non-sublicensable, non-exclusive, irrevocable license to exercise
+ the Licensed Rights in the Licensed Material to:
+ .
+ A. reproduce and Share the Licensed Material, in whole or in part; and
+ B. produce, reproduce, and Share Adapted Material.
+ .
+ 2. Exceptions and Limitations. For the avoidance of doubt, where
+ Exceptions and Limitations apply to Your use, this Public License
+ does not apply, and You do not need to comply with its terms and
+ conditions.
+ .
+ 3. Term. The term of this Public License is specified in Section 6(a).
+ .
+ 4. Media and formats; technical modifications allowed. The Licensor
+ authorizes You to exercise the Licensed Rights in all media and
+ formats whether now known or hereafter created, and to make
+ technical modifications necessary to do so. The Licensor waives
+ and/or agrees not to assert any right or authority to forbid You
+ from making technical modifications necessary to exercise the
+ Licensed Rights, including technical modifications necessary to
+ circumvent Effective Technological Measures. For purposes of this
+ Public License, simply making modifications authorized by this
+ Section 2(a)(4) never produces Adapted Material.
+ .
+ 5. Downstream recipients.
+ .
+ A. Offer from the Licensor – Licensed Material. Every recipient of
+ the Licensed Material automatically receives an offer from the
+ Licensor to exercise the Licensed Rights under the terms and
+ conditions of this Public License.
+ .
+ B. Additional offer from the Licensor – Adapted Material. Every
+ recipient of Adapted Material from You automatically receives an
+ offer from the Licensor to exercise the Licensed Rights in the
+ Adapted Material under the conditions of the Adapter’s License
+ You apply.
+ .
+ C. No downstream restrictions. You may not offer or impose any
+ additional or different terms or conditions on, or apply any
+ Effective Technological Measures to, the Licensed Material if
+ doing so restricts exercise of the Licensed Rights by any
+ recipient of the Licensed Material.
+ .
+ 6. No endorsement. Nothing in this Public License constitutes or may be
+ construed as permission to assert or imply that You are, or that Your
+ use of the Licensed Material is, connected with, or sponsored,
+ endorsed, or granted official status by, the Licensor or others
+ designated to receive attribution as provided in Section 3(a)(1)(A)(i).
+ .
+ b. Other rights.
+ .
+ 1. Moral rights, such as the right of integrity, are not licensed under
+ this Public License, nor are publicity, privacy, and/or other similar
+ personality rights; however, to the extent possible, the Licensor
+ waives and/or agrees not to assert any such rights held by the
+ Licensor to the limited extent necessary to allow You to exercise the
+ Licensed Rights, but not otherwise.
+ .
+ 2. Patent and trademark rights are not licensed under this Public License.
+ .
+ 3. To the extent possible, the Licensor waives any right to collect
+ royalties from You for the exercise of the Licensed Rights, whether
+ directly or through a collecting society under any voluntary or
+ waivable statutory or compulsory licensing scheme. In all other
+ cases the Licensor expressly reserves any right to collect such
+ royalties.
+ .
+ Section 3 – License Conditions.
+ .
+ Your exercise of the Licensed Rights is expressly made subject to the
+ following conditions.
+ .
+ a. Attribution.
+ .
+ 1. If You Share the Licensed Material (including in modified form),
+ You must:
+ .
+ A. retain the following if it is supplied by the Licensor with
+ the Licensed Material:
+ .
+ i. identification of the creator(s) of the Licensed Material
+ and any others designated to receive attribution, in any
+ reasonable manner requested by the Licensor (including by
+ pseudonym if designated);
+ .
+ ii. a copyright notice;
+ .
+ iii. a notice that refers to this Public License;
+ .
+ iv. a notice that refers to the disclaimer of warranties;
+ .
+ v. a URI or hyperlink to the Licensed Material to the extent
+ reasonably practicable;
+ .
+ B. indicate if You modified the Licensed Material and retain an
+ indication of any previous modifications; and
+ .
+ C. indicate the Licensed Material is licensed under this Public
+ License, and include the text of, or the URI or hyperlink to,
+ this Public License.
+ .
+ 2. You may satisfy the conditions in Section 3(a)(1) in any reasonable
+ manner based on the medium, means, and context in which You Share
+ the Licensed Material. For example, it may be reasonable to satisfy
+ the conditions by providing a URI or hyperlink to a resource that
+ includes the required information.
+ .
+ 3. If requested by the Licensor, You must remove any of the information
+ required by Section 3(a)(1)(A) to the extent reasonably practicable.
+ .
+ b. ShareAlike.In addition to the conditions in Section 3(a), if You Share
+ Adapted Material You produce, the following conditions also apply.
+ .
+ 1. The Adapter’s License You apply must be a Creative Commons license
+ with the same License Elements, this version or later, or a BY-SA
+ Compatible License.
+ .
+ 2. You must include the text of, or the URI or hyperlink to, the
+ Adapter's License You apply. You may satisfy this condition in
+ any reasonable manner based on the medium, means, and context in
+ which You Share Adapted Material.
+ .
+ 3. You may not offer or impose any additional or different terms or
+ conditions on, or apply any Effective Technological Measures to,
+ Adapted Material that restrict exercise of the rights granted under
+ the Adapter's License You apply.
+ .
+ Section 4 – Sui Generis Database Rights.
+ .
+ Where the Licensed Rights include Sui Generis Database Rights that apply to
+ Your use of the Licensed Material:
+ .
+ a. for the avoidance of doubt, Section 2(a)(1) grants You the right to
+ extract, reuse, reproduce, and Share all or a substantial portion of
+ the contents of the database;
+ .
+ b. if You include all or a substantial portion of the database contents
+ in a database in which You have Sui Generis Database Rights, then the
+ database in which You have Sui Generis Database Rights (but not its
+ individual contents) is Adapted Material, including for purposes of
+ Section 3(b); and
+ .
+ c. You must comply with the conditions in Section 3(a) if You Share all
+ or a substantial portion of the contents of the database.
+ For the avoidance of doubt, this Section 4 supplements and does not
+ replace Your obligations under this Public License where the Licensed
+ Rights include other Copyright and Similar Rights.
+ .
+ Section 5 – Disclaimer of Warranties and Limitation of Liability.
+ .
+ a. Unless otherwise separately undertaken by the Licensor, to the extent
+ possible, the Licensor offers the Licensed Material as-is and
+ as-available, and makes no representations or warranties of any kind
+ concerning the Licensed Material, whether express, implied, statutory,
+ or other. This includes, without limitation, warranties of title,
+ merchantability, fitness for a particular purpose, non-infringement,
+ absence of latent or other defects, accuracy, or the presence or
+ absence of errors, whether or not known or discoverable. Where
+ disclaimers of warranties are not allowed in full or in part, this
+ disclaimer may not apply to You.
+ .
+ b. To the extent possible, in no event will the Licensor be liable to
+ You on any legal theory (including, without limitation, negligence)
+ or otherwise for any direct, special, indirect, incidental,
+ consequential, punitive, exemplary, or other losses, costs, expenses,
+ or damages arising out of this Public License or use of the Licensed
+ Material, even if the Licensor has been advised of the possibility of
+ such losses, costs, expenses, or damages. Where a limitation of
+ liability is not allowed in full or in part, this limitation may not
+ apply to You.
+ .
+ c. The disclaimer of warranties and limitation of liability provided above
+ shall be interpreted in a manner that, to the extent possible, most
+ closely approximates an absolute disclaimer and waiver of all liability.
+ .
+ Section 6 – Term and Termination.
+ .
+ a. This Public License applies for the term of the Copyright and Similar
+ Rights licensed here. However, if You fail to comply with this Public
+ License, then Your rights under this Public License terminate
+ automatically.
+ .
+ b. Where Your right to use the Licensed Material has terminated under
+ Section 6(a), it reinstates:
+ .
+ 1. automatically as of the date the violation is cured, provided it
+ is cured within 30 days of Your discovery of the violation; or
+ .
+ 2. upon express reinstatement by the Licensor.
+ .
+ c. For the avoidance of doubt, this Section 6(b) does not affect any right
+ the Licensor may have to seek remedies for Your violations of this Public
+ License.
+ .
+ d. For the avoidance of doubt, the Licensor may also offer the Licensed
+ Material under separate terms or conditions or stop distributing the
+ Licensed Material at any time; however, doing so will not terminate
+ this Public License.
+ .
+ e. Sections 1, 5, 6, 7, and 8 survive termination of this Public License.
+ .
+ Section 7 – Other Terms and Conditions.
+ .
+ a. The Licensor shall not be bound by any additional or different terms
+ or conditions communicated by You unless expressly agreed.
+ .
+ b. Any arrangements, understandings, or agreements regarding the Licensed
+ Material not stated herein are separate from and independent of the
+ terms and conditions of this Public License.
+ .
+ Section 8 – Interpretation.
+ .
+ a. For the avoidance of doubt, this Public License does not, and shall
+ not be interpreted to, reduce, limit, restrict, or impose conditions
+ on any use of the Licensed Material that could lawfully be made without
+ permission under this Public License.
+ .
+ b. To the extent possible, if any provision of this Public License is
+ deemed unenforceable, it shall be automatically reformed to the minimum
+ extent necessary to make it enforceable. If the provision cannot be
+ reformed, it shall be severed from this Public License without affecting
+ the enforceability of the remaining terms and conditions.
+ .
+ c. No term or condition of this Public License will be waived and no
+ failure to comply consented to unless expressly agreed to by the
+ Licensor.
+ .
+ d. Nothing in this Public License constitutes or may be interpreted as a
+ limitation upon, or waiver of, any privileges and immunities that apply
+ to the Licensor or You, including from the legal processes of any
+ jurisdiction or authority.
+ .
+ Creative Commons is not a party to its public licenses. Notwithstanding,
+ Creative Commons may elect to apply one of its public licenses to material
+ it publishes and in those instances will be considered the “Licensor.”
+ Except for the limited purpose of indicating that material is shared under
+ a Creative Commons public license or as otherwise permitted by the Creative
+ Commons policies published at creativecommons.org/policies, Creative Commons
+ does not authorize the use of the trademark “Creative Commons” or any other
+ trademark or logo of Creative Commons without its prior written consent
+ including, without limitation, in connection with any unauthorized
+ modifications to any of its public licenses or any other arrangements,
+ understandings, or agreements concerning use of licensed material. For the
+ avoidance of doubt, this paragraph does not form part of the public licenses.
+ Creative Commons may be contacted at creativecommons.org.
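Review bot: the "License: GPL-2" stanza names the "GNU Library General Public License" in both the grant paragraph and the warranty paragraph, gives no version number there, and then switches to "GNU General Public License" for the copy notice. The Library GPL is a different license, so the stanza text should quote the GPL version 2 notice to match the short name used by the Files paragraphs. Separately, src/fib.c lists "Red Hat GmbH" with no year, and Source points at a plain http:// URL; use https if upstream serves it.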
diff --git a/debian/examples/README b/debian/examples/README
new file mode 100644
index 0000000..3c0ff46
--- /dev/null
+++ b/debian/examples/README
@@ -0,0 +1,13 @@
+These are some examples of the nftables syntax.
+
+You may find example configurations for different families and operations (nat,
+filter, mangle).
+
+Also, you may find concrete configurations models, for example a simple
+ruleset for a workstation.
+
+For up-to-date information about syntax and usage, head to the official
+wiki at: http://wiki.nftables.org
+---
+ The nftables package Debian maintainer,
+ Arturo Borrero Gonzalez - 13/Nov/2015
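Review bot: the README promises examples for "nat, filter, mangle", but the example files added by this commit are nat.nft, overview.nft and workstation.nft, so nothing covers mangle; add one or trim the list. The wiki link is plain http://wiki.nftables.org, which is worth switching to https if the site serves it, and "concrete configurations models" should read "concrete configuration models".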
diff --git a/debian/examples/nat.nft b/debian/examples/nat.nft
new file mode 100755
index 0000000..ec17b02
--- /dev/null
+++ b/debian/examples/nat.nft
@@ -0,0 +1,30 @@
+#!/usr/sbin/nft -f
+
+table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority 0;
+
+ #Thanks to nftables maps, if you have a previous iptables NAT (destination NAT) ruleset like this:
+ # % iptables -t nat -A PREROUTING -p tcp --dport 1000 -j DNAT --to-destination 1.1.1.1:1234
+ # % iptables -t nat -A PREROUTING -p udp --dport 2000 -j DNAT --to-destination 2.2.2.2:2345
+ # % iptables -t nat -A PREROUTING -p tcp --dport 3000 -j DNAT --to-destination 3.3.3.3:3456
+
+ # It can be easily translated to nftables in a single line:
+
+ dnat tcp dport map { 1000 : 1.1.1.1, 2000 : 2.2.2.2, 3000 : 3.3.3.3} \
+ : tcp dport map { 1000 : 1234, 2000 : 2345, 3000 : 3456 }
+ }
+
+ chain postrouting {
+ type nat hook postrouting priority 0;
+
+ #Likewise, in iptables NAT (source NAT):
+ # % iptables -t nat -A POSTROUTING -s 192.168.1.1 -j SNAT --to-source 1.1.1.1
+ # % iptables -t nat -A POSTROUTING -s 192.168.2.2 -j SNAT --to-source 2.2.2.2
+ # % iptables -t nat -A POSTROUTING -s 192.168.3.3 -j SNAT --to-source 3.3.3.3
+
+ # Translated to a nftables one-liner:
+
+ snat ip saddr map { 192.168.1.1 : 1.1.1.1, 192.168.2.2 : 2.2.2.2, 192.168.3.3 : 3.3.3.3 }
+ }
+}
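Review bot: the DNAT one-liner in the prerouting chain is not equivalent to the iptables rules quoted above it. The second iptables rule matches "-p udp --dport 2000", but both nftables maps are keyed on "tcp dport", so UDP port 2000 is left untranslated and TCP port 2000 is redirected instead. Either change the quoted iptables rule to "-p tcp" or add a separate rule keyed on "udp dport" for that entry, so that someone migrating a ruleset from this example does not silently change which traffic is forwarded.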
diff --git a/debian/examples/overview.nft b/debian/examples/overview.nft
new file mode 100755
index 0000000..98079db
--- /dev/null
+++ b/debian/examples/overview.nft
@@ -0,0 +1,56 @@
+#!/usr/sbin/nft -f
+
+table inet overview_test_table {
+ chain overview_test_chain {
+ #
+ # simple selectors
+ #
+
+ # source & destination address
+ ip saddr 1.1.1.1 ip daddr 2.2.2.2
+
+ # tcp or udp ports
+ tcp dport 123
+ udp sport 123
+
+ # using sets
+ ip saddr {1.1.1.1, 2.2.2.2} ip daddr {3.3.3.3, 4.4.4.4} tcp dport {22, 80, 443}
+
+ # packets meta information: nic names
+ iifname eth0 oifname eth1
+
+ # packets meta information: nic index
+ iif bond0 oif bond1
+
+ # conntrack engine states
+ ct state new,established
+ ct state invalid
+ ct state established,related
+
+ #
+ # simple verdicts (iptables targets)
+ #
+
+ # counter and drop all traffic
+ counter drop
+
+ # accept all traffic
+ accept
+
+ #
+ # rejecting traffic (more info at http://wiki.nftables.org/)
+ #
+
+ # counter and reject all traffic
+ counter reject
+
+ # reject with a concrete ICMP code
+ reject with icmp type host-unreachable
+
+ # reject with a concrete ICMPv6 code
+ reject with icmpv6 type no-route
+
+ # multi-family reject, using the icmpx keyword
+ reject with icmpx type admin-prohibited
+ }
+}
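Review bot: overview_test_chain has no "type ... hook ... priority" line, so it is a regular chain that no packet reaches unless another chain jumps to it. The file is installed executable with an "nft -f" shebang, so a comment at the top of the chain should say that loading it does not filter anything. Several lines, for example "tcp dport 123" and "ct state invalid", are match expressions with no verdict; a short comment that selectors must be combined with a verdict would stop them being copied as if they were complete rules.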
diff --git a/debian/examples/sysvinit/README b/debian/examples/sysvinit/README
new file mode 100644
index 0000000..b1002f6
--- /dev/null
+++ b/debian/examples/sysvinit/README
@@ -0,0 +1,14 @@
+The file /usr/share/doc/nftables/examples/sysvinit/nftables.init is a typical
+sysvinit script for you to use as /etc/init.d/nftables.
+
+Given Debian default init system is systemd, I have no intention to support
+sysvinit apart of providing this example file.
+
+Read the script carefully before using it, as is just an example.
+You will likely require to manually edit and install the script in order to
+properly use it.
+
+I will probably drop all sysvinit-related stuff like this in the future.
+---
+ The nftables package Debian maintainer,
+ Arturo Borrero Gonzalez - 12/Nov/2015
diff --git a/debian/examples/sysvinit/nftables.init b/debian/examples/sysvinit/nftables.init
new file mode 100644
index 0000000..777d393
--- /dev/null
+++ b/debian/examples/sysvinit/nftables.init
@@ -0,0 +1,122 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: nftables
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $remote_fs $syslog
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: nftables firewall service
+# Description: nftables firewall system service
+### END INIT INFO
+
+# Author: Arturo Borrero Gonzalez <arturo@debian.org>
+
+# Do NOT "set -e"
+
+CONF=/etc/nftables.conf
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="firewall service"
+NAME=nftables
+BIN=/usr/sbin/nft
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$BIN" ] || exit 0
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+do_start()
+{
+ # Return
+ # 0 if start OK
+ # 2 if start NOK
+
+ # nft v0.4 return 0 if ENOENT $CONF
+ if [ ! -r "$CONF" ] ; then
+ echo "E: No such $NAME $DESC config file $CONF" >&2
+ return 2
+ fi
+
+ $BIN -f $CONF || return 2
+}
+
+do_stop()
+{
+ # Return
+ # 0 if stopped
+ # 1 if already stopped
+ # 2 if could not be stopped
+ if ! do_status ; then
+ $BIN flush ruleset || return 2
+ fi
+}
+
+do_status()
+{
+ # Return
+ # 0 if no rules
+ # 1 if rules
+ if [ "$($BIN list ruleset 2>/dev/null | wc -l)" = "0" ] ; then
+ return 0
+ fi
+
+ return 1
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ ret="$?"
+ case "$ret" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ exit $ret
+ ;;
+ restart|force-reload)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
+ do_start
+ ret="$?"
+ case "$ret" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ exit $ret
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ ret="$?"
+ case "$ret" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ exit $ret
+ ;;
+ status)
+ if ! do_status ; then
+ [ "$VERBOSE" != no ] && log_daemon_msg "Status of ${DESC}: rules loaded" "$NAME"
+ [ "$VERBOSE" != no ] && log_end_msg 0
+ exit 0
+ else
+ [ "$VERBOSE" != no ] && log_daemon_msg "Status of ${DESC}: no rules loaded" "$NAME"
+ [ "$VERBOSE" != no ] && log_end_msg 1
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
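Review bot: the LSB header has an empty Default-Start and "Default-Stop: 0 1 2 3 4 5 6", and do_stop runs "$BIN flush ruleset", so as written the script never loads the firewall at boot and every stop leaves the host with no ruleset at all. Document in a comment that stop is fail-open, and set Default-Start for the runlevels where the rules should load. In do_start, "$BIN -f $CONF" should quote "$CONF". do_stop documents return code 1 for "already stopped" but never returns it, and do_status returns 0 for "no rules", which forces the status branch to read "if ! do_status" for the loaded case; inverting the function would be easier to follow.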
diff --git a/debian/examples/workstation.nft b/debian/examples/workstation.nft
new file mode 100755
index 0000000..bc7cd02
--- /dev/null
+++ b/debian/examples/workstation.nft
@@ -0,0 +1,25 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+
+ # accept any localhost traffic
+ iif lo accept
+
+ # accept traffic originated from us
+ ct state established,related accept
+
+ # activate the following line to accept common local services
+ #tcp dport { 22, 80, 443 } ct state new accept
+
+ # ICMPv6 packets which must not be dropped, see https://tools.ietf.org/html/rfc4890#section-4.4.1
+ meta nfproto ipv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-reply, echo-request, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, 148, 149 } accept
+ ip6 saddr fe80::/10 icmpv6 type { 130, 131, 132, 143, 151, 152, 153 } accept
+
+ # count and drop any other traffic
+ counter drop
+ }
+}
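Review bot: the input chain is declared with "type filter hook input priority 0;" and no policy, so the base chain keeps the default accept policy and the default-deny behaviour rests entirely on the final "counter drop" rule. Adding "policy drop;" to the chain declaration keeps the host closed if that last rule is removed or the chain is edited later. The ruleset also has no rule for "ct state invalid", and the numeric ICMPv6 types (148, 149, 130, 131, 132, 143, 151, 152, 153) would be easier to audit with a comment naming each one.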
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..b55e04d
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,5 @@
+[DEFAULT]
+ pristine-tar = true
+
+[dch]
+ id-length = 7
diff --git a/debian/gitlab-ci.yml b/debian/gitlab-ci.yml
new file mode 100644
index 0000000..5c575a1
--- /dev/null
+++ b/debian/gitlab-ci.yml
@@ -0,0 +1,6 @@
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+ RELEASE: 'unstable'
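Review bot: both include entries fetch raw files from the master branch of salsa-ci-team/pipeline, so the CI definition that builds this package can change without any commit in this repository. If reproducible pipeline behaviour matters, pin the URLs to a tag or commit; otherwise add a comment stating that tracking master is intentional.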
diff --git a/debian/libnftables-dev.examples b/debian/libnftables-dev.examples
new file mode 100644
index 0000000..43ec862
--- /dev/null
+++ b/debian/libnftables-dev.examples
@@ -0,0 +1 @@
+examples/*.c
diff --git a/debian/libnftables-dev.install b/debian/libnftables-dev.install
new file mode 100644
index 0000000..a62775f
--- /dev/null
+++ b/debian/libnftables-dev.install
@@ -0,0 +1,3 @@
+/usr/lib/*/libnftables.so
+usr/include/nftables/*
+usr/lib/*/pkgconfig/*
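Review bot: the first entry "/usr/lib/*/libnftables.so" has a leading slash while the other two entries ("usr/include/nftables/*" and "usr/lib/*/pkgconfig/*") are relative. Drop the leading slash so all three patterns are written the same way.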
diff --git a/debian/libnftables1.install b/debian/libnftables1.install
new file mode 100644
index 0000000..b84967f
--- /dev/null
+++ b/debian/libnftables1.install
@@ -0,0 +1 @@
+usr/lib/*/*so.*
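Review bot: "usr/lib/*/*so.*" matches any versioned shared object in the multiarch directory, not only this library. "usr/lib/*/libnftables.so.*" would say what libnftables1 is meant to ship and would make the build fail visibly if upstream starts installing a second library.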
diff --git a/debian/libnftables1.lintian-overrides b/debian/libnftables1.lintian-overrides
new file mode 100644
index 0000000..ebfacfc
--- /dev/null
+++ b/debian/libnftables1.lintian-overrides
@@ -0,0 +1 @@
+spelling-error-in-binary iif if [usr/lib/*/libnftables.so.*]
diff --git a/debian/libnftables1.manpages b/debian/libnftables1.manpages
new file mode 100644
index 0000000..8f9f199
--- /dev/null
+++ b/debian/libnftables1.manpages
@@ -0,0 +1,2 @@
+usr/share/man/man3/libnftables.3
+usr/share/man/man5/libnftables-json.5
diff --git a/debian/libnftables1.symbols b/debian/libnftables1.symbols
new file mode 100644
index 0000000..b6743e1
--- /dev/null
+++ b/debian/libnftables1.symbols
@@ -0,0 +1,32 @@
+libnftables.so.1 libnftables1 #MINVER#
+* Build-Depends-Package: libnftables-dev
+ LIBNFTABLES_1@LIBNFTABLES_1 1.0.2
+ LIBNFTABLES_2@LIBNFTABLES_2 1.0.2
+ LIBNFTABLES_3@LIBNFTABLES_3 1.0.2
+ LIBNFTABLES_4@LIBNFTABLES_4 1.0.9
+ nft_ctx_add_include_path@LIBNFTABLES_1 1.0.2
+ nft_ctx_add_var@LIBNFTABLES_2 1.0.2
+ nft_ctx_buffer_error@LIBNFTABLES_1 1.0.2
+ nft_ctx_buffer_output@LIBNFTABLES_1 1.0.2
+ nft_ctx_clear_include_paths@LIBNFTABLES_1 1.0.2
+ nft_ctx_clear_vars@LIBNFTABLES_2 1.0.2
+ nft_ctx_free@LIBNFTABLES_1 1.0.2
+ nft_ctx_get_dry_run@LIBNFTABLES_1 1.0.2
+ nft_ctx_get_error_buffer@LIBNFTABLES_1 1.0.2
+ nft_ctx_get_optimize@LIBNFTABLES_3 1.0.2
+ nft_ctx_get_output_buffer@LIBNFTABLES_1 1.0.2
+ nft_ctx_input_get_flags@LIBNFTABLES_4 1.0.9
+ nft_ctx_input_set_flags@LIBNFTABLES_4 1.0.9
+ nft_ctx_new@LIBNFTABLES_1 1.0.2
+ nft_ctx_output_get_debug@LIBNFTABLES_1 1.0.2
+ nft_ctx_output_get_flags@LIBNFTABLES_1 1.0.2
+ nft_ctx_output_set_debug@LIBNFTABLES_1 1.0.2
+ nft_ctx_output_set_flags@LIBNFTABLES_1 1.0.2
+ nft_ctx_set_dry_run@LIBNFTABLES_1 1.0.2
+ nft_ctx_set_error@LIBNFTABLES_1 1.0.2
+ nft_ctx_set_optimize@LIBNFTABLES_3 1.0.2
+ nft_ctx_set_output@LIBNFTABLES_1 1.0.2
+ nft_ctx_unbuffer_error@LIBNFTABLES_1 1.0.2
+ nft_ctx_unbuffer_output@LIBNFTABLES_1 1.0.2
+ nft_run_cmd_from_buffer@LIBNFTABLES_1 1.0.2
+ nft_run_cmd_from_filename@LIBNFTABLES_1 1.0.2
diff --git a/debian/nftables.conf b/debian/nftables.conf
new file mode 100644
index 0000000..fb6f06d
--- /dev/null
+++ b/debian/nftables.conf
@@ -0,0 +1,15 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority filter;
+ }
+ chain forward {
+ type filter hook forward priority filter;
+ }
+ chain output {
+ type filter hook output priority filter;
+ }
+}
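Review bot: the shipped /etc/nftables.conf declares three base chains with no rules and no policy, so once the service is enabled the loaded ruleset accepts everything, and the file has no comment saying that. Add a header comment stating that this is an empty skeleton that filters nothing, and point to the examples under /usr/share/doc/nftables/examples/ that README.Debian already mentions.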
diff --git a/debian/nftables.examples b/debian/nftables.examples
new file mode 100644
index 0000000..e199ca5
--- /dev/null
+++ b/debian/nftables.examples
@@ -0,0 +1,4 @@
+debian/examples/*
+etc/nftables/osf/pf.os
+usr/share/doc/nftables/examples/*
+usr/share/nftables/*nft
diff --git a/debian/nftables.install b/debian/nftables.install
new file mode 100644
index 0000000..1c912c4
--- /dev/null
+++ b/debian/nftables.install
@@ -0,0 +1,2 @@
+debian/nftables.conf etc
+usr/sbin/*
diff --git a/debian/nftables.links b/debian/nftables.links
new file mode 100644
index 0000000..c092691
--- /dev/null
+++ b/debian/nftables.links
@@ -0,0 +1 @@
+usr/share/man/man8/nft.8.gz usr/share/man/man8/nftables.8.gz
diff --git a/debian/nftables.lintian-overrides b/debian/nftables.lintian-overrides
new file mode 100644
index 0000000..16bdc2a
--- /dev/null
+++ b/debian/nftables.lintian-overrides
@@ -0,0 +1 @@
+typo-in-manual-page iif if [usr/share/man/man8/nft.8.gz:*]
diff --git a/debian/nftables.manpages b/debian/nftables.manpages
new file mode 100644
index 0000000..6fc511d
--- /dev/null
+++ b/debian/nftables.manpages
@@ -0,0 +1 @@
+usr/share/man/man8/nft.8
diff --git a/debian/nftables.service b/debian/nftables.service
new file mode 100644
index 0000000..769c9fc
--- /dev/null
+++ b/debian/nftables.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=nftables
+Documentation=man:nft(8) http://wiki.nftables.org
+Wants=network-pre.target
+Before=network-pre.target shutdown.target
+Conflicts=shutdown.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardInput=null
+ProtectSystem=full
+ProtectHome=true
+ExecStart=/usr/sbin/nft -f /etc/nftables.conf
+ExecReload=/usr/sbin/nft -f /etc/nftables.conf
+ExecStop=/usr/sbin/nft flush ruleset
+
+[Install]
+WantedBy=sysinit.target
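Review bot: "ExecStop=/usr/sbin/nft flush ruleset" removes the whole ruleset, not just what /etc/nftables.conf loaded, so "systemctl stop nftables" leaves the host with no filtering at all and also wipes tables that other software may have added. That fail-open behaviour should at least be documented in README.Debian; a narrower stop action that only deletes the tables defined in the configuration file would be safer. Minor: the Documentation= URL uses http.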
diff --git a/debian/not-installed b/debian/not-installed
new file mode 100644
index 0000000..e925cee
--- /dev/null
+++ b/debian/not-installed
@@ -0,0 +1 @@
+usr/lib/${DEB_TARGET_MULTIARCH}/libnftables.la
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..e004562
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,46 @@
+#!/usr/bin/make -f
+
+ifeq (,$(filter terse,$(DEB_BUILD_OPTIONS)))
+export DH_VERBOSE=1
+endif
+export PYBUILD_NAME = nftables
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+include /usr/share/dpkg/architecture.mk
+include /usr/share/dpkg/pkg-info.mk
+
+pybuild_pkg := python3-$(PYBUILD_NAME)
+pybuild_opts := --buildsystem=pybuild -- --dir $(CURDIR)/py
+
+%:
+ dh $@ --with python3
+
+override_dh_auto_clean:
+ dh_auto_clean -N$(pybuild_pkg)
+ dh_auto_clean -p$(pybuild_pkg) $(pybuild_opts)
+
+override_dh_auto_configure:
+ dh_auto_configure -N$(pybuild_pkg) -- \
+ --with-xtables \
+ --with-json \
+ --with-python-bin=/usr/bin/python3 \
+ --with-cli=editline \
+ --
+ dh_auto_configure -p$(pybuild_pkg) $(pybuild_opts)
+
+override_dh_auto_build:
+ dh_auto_build -N$(pybuild_pkg)
+ dh_auto_build -p$(pybuild_pkg) $(pybuild_opts)
+
+override_dh_auto_install:
+ dh_auto_install -N$(pybuild_pkg)
+ dh_auto_install -p$(pybuild_pkg) $(pybuild_opts)
+
+execute_after_dh_fixperms:
+ chmod a+x debian/nftables/etc/nftables.conf
+
+override_dh_installsystemd:
+ dh_installsystemd --no-enable --no-start --restart-after-upgrade
+
+override_dh_installexamples:
+ dh_installexamples -XMakefile
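Review bot: execute_after_dh_fixperms runs "chmod a+x" on the conffile etc/nftables.conf with no comment explaining why. The file starts with "#!/usr/sbin/nft -f", which is presumably the reason, but an executable file under /etc is unusual enough that the intent should be written next to the chmod so nobody reverts it as a mistake.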
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/options b/debian/source/options
new file mode 100644
index 0000000..9060822
--- /dev/null
+++ b/debian/source/options
@@ -0,0 +1,2 @@
+# Don't store changes on autogenerated files
+extend-diff-ignore = "(^|/)(compile|config\.sub|config\.guess|Makefile|configure|Makefile\.in|aclocal.m4|config.h.in|depcomp|INSTALL|install-sh|ltmain.sh|missing||libtool.m4|lt~obsolete.m4|ltoptions.m4|ltsugar.m4|ltversion.m4|.Po)"
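Review bot: the alternation contains an empty branch, "missing||libtool.m4", so the group can match the empty string and the whole expression matches any path, which makes the ignore far wider than the autogenerated files named in the comment. Remove the stray "|". While there, the dots in "aclocal.m4", "config.h.in", "ltmain.sh", the lt*.m4 names and ".Po" are unescaped, and the group has no trailing anchor, so "Makefile" also matches longer names that merely start with it; escape the dots and close the group with "$".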
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..9b40f99
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,20 @@
+Test-Command: nft -h
+Depends: @
+Restrictions: needs-root, superficial
+
+Tests: internaltest-shell.sh
+Depends: kmod, @
+Restrictions: needs-root, allow-stderr, isolation-container, flaky
+
+Tests: internaltest-monitor.sh
+Depends: @
+Restrictions: needs-root, allow-stderr, isolation-container, flaky
+
+# Disable test until we decide what to do with the nftables python module
+#Tests: internaltest-py.sh
+#Depends: @, python
+#Restrictions: needs-root, allow-stderr, isolation-container, build-needed
+
+Tests: systemd-service-test.sh
+Depends: systemd, @
+Restrictions: needs-root, allow-stderr, isolation-container
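Review bot: both internal suites (internaltest-shell.sh and internaltest-monitor.sh) are marked "flaky" and the python suite is commented out, so the only stanzas that can fail the run are "nft -h" and the systemd service test. Add a comment or bug reference explaining why the two suites are flaky, so the restriction can be dropped once they are stable. The commented stanza also depends on "python" although debian/rules builds with python3; fix that before re-enabling it.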
diff --git a/debian/tests/internaltest-monitor.sh b/debian/tests/internaltest-monitor.sh
new file mode 100644
index 0000000..446f2f2
--- /dev/null
+++ b/debian/tests/internaltest-monitor.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Run the internal tests of nftables (monitor)
+
+# The testsuite requires kernel at least 5.x
+if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then
+ echo "W: this testsuite is likely to produce many fails because of old kernel, ending now"
+ exit 0
+fi
+
+set -e
+ln -s $(which nft) src/nft
+cd tests/monitor
+./run-tests.sh -d
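Review bot: "ln -s $(which nft) src/nft" runs under set -e and fails if src/nft already exists or if the src directory is missing, which aborts the test before the suite starts. Use ln -sf, quote the substitution, and prefer "command -v nft" over which. The symlink is also created in the source tree, which is worth a one-line comment.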
diff --git a/debian/tests/internaltest-py.sh b/debian/tests/internaltest-py.sh
new file mode 100644
index 0000000..f8e7627
--- /dev/null
+++ b/debian/tests/internaltest-py.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Run the internal tests of nftables (py)
+
+# The testsuite requires kernel at least 4.x
+if [ "$(uname -r | cut -d. -f1)" -lt 4 ] ; then
+ echo "W: This testsuite is likely to produce many fails because of old kernel"
+fi
+
+set -e
+cd tests/py
+NFT=$(which nft) ./nft-test.py
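Review bot: the kernel check here only prints a warning and carries on, and it tests for major version 4, while the shell and monitor scripts exit early and test for 5. The stanza is disabled in debian/tests/control for now, but the three scripts should agree on the threshold and on whether an old kernel ends the test before this one is switched back on.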
diff --git a/debian/tests/internaltest-shell.sh b/debian/tests/internaltest-shell.sh
new file mode 100644
index 0000000..a3fdcbc
--- /dev/null
+++ b/debian/tests/internaltest-shell.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Run the internal tests of nftables (shell)
+
+# The testsuite requires kernel at least 5.x
+if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then
+ echo "W: this testsuite is likely to produce many fails because of old kernel, ending now"
+ exit 0
+fi
+
+set -e
+cd tests/shell
+NFT=$(which nft) ./run-tests.sh -v
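Review bot: on a kernel older than 5.x the script prints a warning and exits 0, which autopkgtest records as a pass even though nothing ran. Exit with status 77 and add the "skippable" restriction to the stanza in debian/tests/control so the result is reported as skipped. The same applies to the identical check in internaltest-monitor.sh.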
diff --git a/debian/tests/systemd-service-test.sh b/debian/tests/systemd-service-test.sh
new file mode 100644
index 0000000..83461bc
--- /dev/null
+++ b/debian/tests/systemd-service-test.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+set -ex
+
+SERVICE=nftables.service
+
+# The testsuite requires kernel at least 5.x
+if [ "$(uname -r | cut -d. -f1)" -lt 5 ] ; then
+ : WARNING this testsuite is likely to produce many fails because of old kernel, ending now
+ exit 0
+fi
+
+systemctl_call()
+{
+ if systemctl $1 $SERVICE ; then
+ return 0
+ else
+ journalctl -u $SERVICE
+ return 1
+ fi
+}
+
+# package ships service disabled by default
+if ! systemctl_call enable ; then
+ : WARNING enabling the service failed
+fi
+
+if systemctl -q is-active $SERVICE ; then
+ : WARNING initial service running, stopping now
+ if ! systemctl_call stop ; then
+ : ERROR unable to stop the initial service
+ exit 1
+ fi
+fi
+
+if [ $(nft list ruleset | wc -l) -ne 0 ] ; then
+ : WARNING initial ruleset is not empty, flushing now
+ nft flush ruleset
+fi
+
+if ! systemctl_call start ; then
+ : ERROR failed to start systemd service
+ exit 1
+fi
+if [ $(nft list ruleset | wc -l) -eq 0 ] ; then
+ : ERROR no ruleset loaded after systemd service start
+ exit 1
+fi
+
+systemctl_call status
+nft list ruleset
+
+if ! systemctl_call stop ; then
+ : ERROR failed to stop systemd service
+ exit 1
+fi
+if [ $(nft list ruleset | wc -l) -ne 0 ] ; then
+ : ERROR ruleset still loaded after systemd service stop
+ exit 1
+fi
+
+if ! systemctl_call restart ; then
+ : ERROR failed to restart systemd service
+ exit 1
+fi
+if [ $(nft list ruleset | wc -l) -eq 0 ] ; then
+ : ERROR no ruleset loaded after systemd service restart
+ exit 1
+fi
+
+: INFO test was OK
+exit 0
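Review bot: every ruleset check has the form "[ $(nft list ruleset | wc -l) -ne 0 ]", where the exit status of nft is hidden by the pipe to wc. If "nft list ruleset" itself fails, it prints nothing to stdout, the count is 0, and the "ruleset still loaded after systemd service stop" check passes for the wrong reason. Capture the nft output in a variable first so set -e sees a failure, then count lines. Also quote $1 and $SERVICE in systemctl_call and the command substitutions inside the [ ] tests.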
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
new file mode 100644
index 0000000..db4707d
--- /dev/null
+++ b/debian/upstream/signing-key.asc
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
+660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
+V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
+zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
+Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
+KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
+dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
+WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
+9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
++IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
+U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
+tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
+VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
+CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
++ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
+RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
+4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
+IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
+bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
+Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
+QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
+wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
+4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
+tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
+n8Uvz12Xu/Qde+NicogLNWF90QJ2uQINBF+HdQgBEADSTGQKWM3ni63O0bOnxgyu
+Gd3oxEk/mqu7zkU/WBKaUQRtUKFAwbjaHQBcSFjOkqcLze1/QGXiDC9hDow2mxeU
+OkTR28Dg8iw2HMJqrVodDTaSvOX18A4HCzkFvnT4prJN54tXK14YY2YLOrMm/cjP
+6Q4tE3+8MzWbdNKe9+s5aUDzDkXzvphYGnNBVbfxkLE3SMEwc2d+n3Fd1vIjx99+
+EqrGraete0fs/qtmpR/Fcp89doh4tqCRbZk8YYIQkTj3C1s91zCr/QOwX7mXhNJP
+qSu8ZwSq6WcylJNY9rs0ys1dgarqORzQ7MvT4EJ9egZV1a8XR30Jwc9sOu2hzCpz
+w/7/ivNaMbZ7pKcAQE/FqL5MstVUy4UB+RdMuW6UK1R/y8KtP6uNtYXw94jx7W9r
+QtYXk/c3v7KpGKZXLRW/NX8d6PMXAab7iGkwd1EabX/CTb4eSoxE2RTELwHXavKG
+KL6Crvmf+fObgqsDtBaIacPakcJoau1Abxg1QFYKOpCozFtmfVNzp34IKwwsrQiG
+YfHizWoH0S9nLoqvEsfnBhrdc6Aj4YwzdTGjbfyh5vBsa/pT/kcR9xLd6RF+ppoU
+gmlOMK9FuQX96YxLYjsJ6mo4rAUAh4ePTholfFYPbkDeRqS6T6W75xkuL6vI3Y+q
+d4LIktheyTMuzsrARDQZFwARAQABiQI8BBgBCgAmFiEEN9lkrMBJgcdVAPub1V2X
+iooUIOQFAl+HdQgCGwwFCQeEzgAACgkQ1V2XiooUIOTTCBAAgXcF8AzEQfK0Hqja
+4W4e6Y2xxxZmoPGz75Jgqv4GBsfTEBChVBbRBjUgYepuaV6/YSfRw9ldeqvREW7g
+XAOsKLM+Hn0BQW22oHu2UhAgjfsTC4q0BkVW06M7tnkvBV3nR9F/X9CViwxlsEYP
+qQKkjrbhYx4WDI1acGx/7O9QYR/OMeUYFns4dgVi2z91LmOybVjQLwGnqOdybNnc
+84Iw6KT4rOKmUay0fXExo6mumU3Pz5S32grJuqxgZTcf2xSY8++fsp+7zEGuO3zg
+beKn64h1+xv04N7PMbEEixJtyARGIdu4aHPWQ+ORF4JvWYhgNtbfb9YwNu8k1WlK
+z2wuNIg7/wjHEOzdmNbCUb5q3ftqSsbTTbrbo48IAYLqOWyitud0eR8tGvjcyti0
+nPxpkfBCSRMFte6+q6Gne0rOmCJgmRMXmPggFtBRM8EKZqnznZbrLyMpOMeK9diR
+/EPDVhzM1N2Jv8qnaKZ/0gsAn1ybC+P3hywmlrsolo5YzWuzMDwyE8dmT0ROUBKg
+qouIGg1l8lR7fJXhhNRt86FzSaIFoQ7MIddOVJ5WRBHzr2x22sYFj4y1f8ZLh4VZ
+Wqncl20xMa4CulNsHrzUtN3QbkOm4zSGzCLfbpW4gVfDCVkdD2bZzSfefH9UFwuB
+k/i9xRtYOSbc/q5W7u9J4dpEia4=
+=m35R
+-----END PGP PUBLIC KEY BLOCK-----
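Review bot: this key is what uscan will trust when checking upstream tarballs, but the hunk gives a reviewer nothing to check it against. State the full fingerprint and where the key was obtained in the commit message or in README.source, so the armored block can be compared with what upstream publishes.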
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..973c3df
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=4
+opts=pgpsigurlmangle=s/$/.sig/ \
+https://www.netfilter.org/pub/nftables/nftables-((?!0.100|0.099)\S+).tar.xz
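Review bot: the negative lookahead "(?!0.100|0.099)" excludes two version prefixes with no comment saying why, and its dots are unescaped, so each one matches any character. Add a comment line above opts= explaining the exclusion and write the dots as "\." so only the literal versions are skipped.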