From 824cfbc851bc1e352f9772d47642cb1d10df5c93 Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Thu, 12 Jun 2014 11:27:02 +0200
Subject: [PATCH 1/1] add nftables systemd service
---
 PKGBUILD | 9 ++++++++-
 nftables-flush | 14 ++++++++++++++
 nftables.service | 15 +++++++++++++++
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 nftables-flush
 create mode 100644 nftables.service
diff --git a/PKGBUILD b/PKGBUILD
index 599c7a0..150494b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@ pkgname=nftables
 epoch=1
 pkgver=0.2
-pkgrel=1
+pkgrel=2
 pkgdesc='Netfilter nftables userspace tools'
 arch=('i686' 'x86_64')
 url='http://netfilter.org/projects/nftables/'
@@ -12,9 +12,13 @@ license=('GPL2')
 depends=('libmnl' 'libnftnl' 'gmp' 'readline' 'ncurses')
 makedepends=('docbook2x')
 source=("http://netfilter.org/projects/nftables/files/nftables-$pkgver.tar.bz2"{,.sig}
+ 'nftables.service'
+ 'nftables-flsuh'
 '02-manpages.patch')
 sha1sums=('1d1959e02e970b1de0e9435142a64d09240c0591'
 'SKIP'
+ 'f19980625c7154cf9feeb321ae52e55bbed844da'
+ 'cdf7925e28be4a3cfc90665ec2a9f4b25af1b13e'
 '3ef58d5199b358ceb184307aca3e215c40ce3707')
 
 build() {
@@ -27,6 +31,9 @@ build() {
 package() {
 cd $pkgname-$pkgver
 make DESTDIR="$pkgdir" install
+
+ install -D -m0644 ${srcdir}/nftables.service ${pkgdir}/usr/lib/systemd/system/nftables.service
+ install -D -m0755 ${srcdir}/nftables-flsuh ${pkgdir}/usr/lib/systemd/scripts/nftables-flush
 }
 
 # vim:set ts=2 sw=2 et:
diff --git a/nftables-flush b/nftables-flush
new file mode 100644
index 0000000..00dedae
--- /dev/null
+++ b/nftables-flush
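Review bot: The source array adds `'nftables-flsuh'`, but the file this commit creates is `nftables-flush`, so makepkg will abort with a missing local source; the same misspelling is repeated in the `install` line of the package() hunk below. Change both occurrences to `nftables-flush`. Because sha1sums entries are positional, also confirm that the two new digests were generated from nftables.service and nftables-flush in that order, otherwise the checksum check that is meant to pin the installed script content will fail once the filename is corrected.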
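Review bot: The two new `install` lines in package() expand `${srcdir}` and `${pkgdir}` unquoted, so a build directory containing whitespace splits the arguments, whereas the surrounding `make DESTDIR="$pkgdir" install` line already quotes it. Write them as `install -D -m0644 "$srcdir/nftables.service" "$pkgdir/usr/lib/systemd/system/nftables.service"` and `install -D -m0755 "$srcdir/nftables-flush" "$pkgdir/usr/lib/systemd/scripts/nftables-flush"`.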
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+for FAMILY in ip ip6 inet arp bridge; do
+ TABLES=$(nft list tables ${FAMILY} | grep "^table\s" | cut -d' ' -f2)
+ for TABLE in ${TABLES}; do
+ CHAINS=$(nft list table ${FAMILY} ${TABLE} | grep "^\schain\s" | cut -d' ' -f2)
+ for CHAIN in ${CHAINS}; do
+ nft flush chain ${FAMILY} ${TABLE} ${CHAIN}
+ nft delete chain ${FAMILY} ${TABLE} ${CHAIN}
+ done
+ nft flush table ${FAMILY} ${TABLE}
+ nft delete table ${FAMILY} ${TABLE}
+ done
+done
diff --git a/nftables.service b/nftables.service
new file mode 100644
index 0000000..3db24cd
--- /dev/null
+++ b/nftables.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Packet Filtering Framework
+Before=network-pre.target
+RequiredBy=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/nft -f /etc/nftables/nftables.rules
+ExecReload=/usr/lib/systemd/scripts/nftables-flush
+ExecReload=/usr/bin/nft -f /etc/nftables/nftables.rules
+ExecStop=/usr/lib/systemd/scripts/nftables-flush
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
-- 
2.0.0
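Review bot: None of the nft invocations in the loop checks its exit status, and the pipelines assigning TABLES and CHAINS report only the status of the trailing `cut`, so the script exits 0 even when `nft list` or `nft delete` failed and tables remain loaded; because nftables.service runs this script as ExecStop and as the first ExecReload step, systemd would then report a clean stop or reload over a half-deleted ruleset. Add `set -o pipefail` after the shebang and make the destructive steps fatal, e.g. `nft delete table ${FAMILY} ${TABLE} || exit 1`, while deciding explicitly whether a failing `nft list tables` for an unsupported family (arp, bridge) is acceptable rather than ignoring every error. The text parsing also depends on the exact layout of `nft list` output: `cut -d' ' -f2` returns the table name only when the line reads `table <name>`, and would return the family if the installed nft prints `table ip <name>`, so verify this against the nft version packaged here.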
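Review bot: `RequiredBy=network-pre.target` is an [Install]-section directive, so in [Unit] systemd ignores it with an "Unknown lvalue" warning and nothing pulls this unit in early; `Before=network-pre.target` alone only orders the two if both happen to be queued. Use `Wants=network-pre.target` next to the `Before=` line, which is the pairing systemd documents for firewall units. Separately, ExecReload flushes the entire ruleset and only then loads the rules file in a second command, so a syntax error in the file leaves the host with no packet filtering after a reload has "failed", and ExecStop leaves it in that state by design. If the packaged nft can apply the flush and the new rules in a single `nft -f` transaction, doing so closes that window; otherwise the unit should at least carry a comment stating that a failed reload leaves the host unfiltered.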