Initial commit

meta-google/recipes-google/nftables/files/nft-configure.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+shopt -s nullglob
+declare -A basemap=()
+i=0
+for dir in /run/nftables /etc/nftables /usr/share/nftables; do
+  for file in "$dir"/*.rules; do
+    basemap["${file##*/}$i"]="$file"
+  done
+  (( i+=1 ))
+done
+
+rules=""
+trap 'rm -f -- "$rules"' TERM INT EXIT ERR
+rules="$(mktemp)" || exit
+echo 'flush ruleset' >"$rules"
+for key in $(printf "%s\n" "${!basemap[@]}" | sort -r); do
+  echo "Loading ${basemap[$key]}" >&2
+  echo '' >>"$rules"
+  cat "${basemap[$key]}" >>"$rules"
+done
+nft -f "$rules" || exit

meta-google/recipes-google/nftables/files/nftables.service

@@ -0,0 +1,12 @@
+[Unit]
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/nft-configure.sh
+ExecReload=/usr/libexec/nft-configure.sh
+ExecStop=/usr/sbin/nft flush ruleset
+
+[Install]
+WantedBy=multi-user.target

meta-google/recipes-google/nftables/nftables-systemd.bb

@@ -0,0 +1,29 @@
+SUMMARY = "nftables systemd wrapper"
+DESCRIPTION = "nftables systemd wrapper"
+PR = "r1"
+PV = "1.0"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+SRC_URI += " \
+  file://nft-configure.sh \
+  file://nftables.service \
+  "
+
+SYSTEMD_SERVICE:${PN} += "nftables.service"
+
+RDEPENDS:${PN} += " \
+  bash \
+  nftables \
+  "
+
+do_install() {
+  install -d ${D}${libexecdir}
+  install -m0755 ${WORKDIR}/nft-configure.sh ${D}${libexecdir}/
+
+  install -d ${D}${systemd_system_unitdir}
+  install -m0644 ${WORKDIR}/nftables.service ${D}${systemd_system_unitdir}/
+}