From bbb1a4c987485e6dd9a43d271bcaedd3cafe0ec8 Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux
Date: Wed, 21 May 2025 15:15:21 +0200
Subject: [PATCH 1/3] net-firewall/nftables: remove masked units

Signed-off-by: Mathieu Tortuyaux
---
 .../coreos-overlay/coreos/config/env/net-firewall/nftables | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/nftables

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/nftables b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/nftables
deleted file mode 100644
index f8e35864ca..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-firewall/nftables
+++ /dev/null
@@ -1,5 +0,0 @@
-nftables_install_mask=" /usr/libexec/nftables /var/lib/nftables /usr/lib/systemd/system/nftables-load.service /usr/lib/systemd/system/nftables-store.service "
-
-INSTALL_MASK+=${nftables_install_mask}
-PKG_INSTALL_MASK+=${nftables_install_mask}
-unset nftables_install_mask

From 52deea7809a31af20c5e35c1b0e913ab478a86f8 Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux
Date: Wed, 21 May 2025 15:16:26 +0200
Subject: [PATCH 2/3] profiles: enable JSON support for nftables

This help for automation and scripting purposes.
dev-libs/jansson is already shipped in the generic image.

Signed-off-by: Mathieu Tortuyaux
---
 .../third_party/coreos-overlay/profiles/coreos/base/package.use | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 3bc3c99d6d..4ffcf1389e 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -108,6 +108,7 @@ sys-libs/ldb -lmdb -python
 
 # Enable nftables backend for the iptables instead of legacy backend
 net-firewall/iptables nftables
+net-firewall/nftables json
 
 # Install `perl` with a minimal set of dependencies
 dev-lang/perl minimal

From 373684ab2a302c4c57ce60efa864856b4c20658b Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux
Date: Wed, 21 May 2025 18:56:23 +0200
Subject: [PATCH 3/3] changelog: add entry

Signed-off-by: Mathieu Tortuyaux
---
 changelog/changes/2025-05-21-nftables.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog/changes/2025-05-21-nftables.md

diff --git a/changelog/changes/2025-05-21-nftables.md b/changelog/changes/2025-05-21-nftables.md
new file mode 100644
index 0000000000..841cf11930
--- /dev/null
+++ b/changelog/changes/2025-05-21-nftables.md
@@ -0,0 +1 @@
+- Added `nftables-load.service` and `nftables-store.service` services to load/store rules from/in `/var/lib/nftables/rules-save` ([Flatcar#900](https://github.com/flatcar/Flatcar/issues/900))
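Review bot: The added `net-firewall/nftables json` entry in the package.use hunk has no explanatory comment, while every neighbouring entry carries one (`# Enable nftables backend for the iptables instead of legacy backend` directly above it, the perl comment below). Suggest preceding it with `# Enable JSON input/output in nftables (nft --json) for automation and scripting; needs dev-libs/jansson`, so the purpose and the extra runtime dependency stated in the commit message survive in the file where the flag is set. Worth recording there because the flag builds nftables' JSON parser as well as its JSON output, so rule files handed to nft may now be JSON rather than only the native syntax; that is presumably the intended automation path, but the comment should say so. The changelog added in PATCH 3/3 mentions only the unmasked load/store units and not the new JSON support, so a second bullet there would keep the release notes complete.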