fw4: support automatic includes
Introduce a new directory tree /usr/share/nftables.d/ which may contain
partial nftables files being included into the rendered ruleset.
The include position is derived from the file path;
- Files in .../nftables.d/table-pre/ and .../nftables.d/table-post/ are
included before and after the `table inet fw4 { ... }` declaration
respectively
- Files in .../nftables.d/ruleset-pre/ and .../nftables.d/ruleset-post/
are included before the first chain and after the last chain
declaration within the fw4 table respectively
- Files in .../nftables.d/chain-pre/${chain}/ and .../chain-post/${chain}/
are included before the first and after the last rule within the mentioned
chain of the fw4 table respectively
Automatic includes can be disabled by setting the `auto_includes` option to
`0` in the global defaults section.
Also adjust testcases accordingly.
Signed-off-by: Jo-Philipp Wich <[email protected]>
projects / project / firewall4.git / commit