Initial commit

meta-google/recipes-google/nftables/files/nft-configure.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+shopt -s nullglob
+declare -A basemap=()
+i=0
+for dir in /run/nftables /etc/nftables /usr/share/nftables; do
+  for file in "$dir"/*.rules; do
+    basemap["${file##*/}$i"]="$file"
+  done
+  (( i+=1 ))
+done
+
+rules=""
+trap 'rm -f -- "$rules"' TERM INT EXIT ERR
+rules="$(mktemp)" || exit
+echo 'flush ruleset' >"$rules"
+for key in $(printf "%s\n" "${!basemap[@]}" | sort -r); do
+  echo "Loading ${basemap[$key]}" >&2
+  echo '' >>"$rules"
+  cat "${basemap[$key]}" >>"$rules"
+done
+nft -f "$rules" || exit

meta-google/recipes-google/nftables/files/nftables.service

@@ -0,0 +1,12 @@
+[Unit]
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/nft-configure.sh
+ExecReload=/usr/libexec/nft-configure.sh
+ExecStop=/usr/sbin/nft flush ruleset
+
+[Install]
+WantedBy=multi-user.target