Age | Commit message (Collapse) | Author | Files | Lines |
|
This ensures that all of the rules are processed and unexpected packets
are not allowed or blocked by the kernel at any time.
Change-Id: Ia7bb1d7f604f8ed1bd9759a23e370d20cb0c690d
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We don't want errors in loading previous rules to affect the state of the
ruleset during restart.
Change-Id: Ic122e971670d56022029f1155c1accdf129672d0
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We want to make sure rules get parsed in a sensible order, following a
sorting order similar to systemd units.
Change-Id: Ica06c953dba793d89d50c6b4cfc8e8a2eb1f58de
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We need nftables-systemd to execute correctly even if the machine has
no rules installed.
Change-Id: I20d58b721381a2829eaa2baedd5d79e8e0a10fd0
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Initial recipes-google/nftables code from gBMC.
Google-Bug-Id: 179618498
Upstream: 8ac594bdf054082ca6dbe35c4345759fe4c31669
Signed-off-by: Willy Tu <wltu@google.com>
Change-Id: Ic768cd1ffeec5831063c9a0f5cdbc8fdcd36a862
|