projects / config / nftables.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add a Makefile to make it easier to deploy the configuration
[config/nftables.git] / Makefile
diff --git a/Makefile b/Makefile
new file mode 100644 (file)
index 0000000..e934f47
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,18 @@
+all:
+
+deploy-workstation:
+       if ! diff -q /etc/nftables.conf nftables-workstation.nft > /dev/null; \
+       then \
+         sudo cp nftables-workstation.nft /etc/nftables.conf; \
+         sudo etckeeper vcs commit -m "nftables.conf: import latest upstream config" -- nftables.conf; \
+       fi
+       for ipt in iptables ip6tables; \
+       do \
+         sudo $$ipt -F; \
+         sudo $$ipt -X; \
+         for chain in INPUT OUTPUT FORWARD;\
+         do \
+           sudo $$ipt -P $$chain ACCEPT; \
+         done \
+       done
+       sudo systemctl restart nftables.service
Configuration files for the nftables linux packet filtering framework