Skip to content

net-firewall/nftables: provide nftables systemd units#2946

Merged
tormath1 merged 3 commits intomainfrom
tormath1/nftables
May 22, 2025
Merged

net-firewall/nftables: provide nftables systemd units#2946
tormath1 merged 3 commits intomainfrom
tormath1/nftables

Conversation

@tormath1
Copy link
Copy Markdown
Contributor

@tormath1 tormath1 commented May 21, 2025
edited
Loading

In this PR, we provide systemd units for nftables to load and save nftables rules. We enable json support for nft CLI as well.

Testing done

flatcar/mantle#615

=== RUN   cl.network.nftables
=== RUN   cl.network.iptables
--- PASS: cl.network.nftables (27.97s)
        cluster.go:152: + sudo nft --json list ruleset | jq '.nftables | .[] | select(.chain) | .chain.policy'
--- PASS: cl.network.iptables (28.28s)
        cluster.go:152: + sudo nft --json list ruleset | jq '.nftables | .[] | select(.chain) | .chain.policy'
PASS, output in _kola_temp/qemu-2025-05-21-1856-159723

Closes: flatcar/Flatcar#900

Note: once merged, I'll backport the commit profiles: enable JSON support for nftables to all channels to enable cl.network.iptables new test for all channels.

tormath1 added 2 commits May 21, 2025 15:15
@tormath1
net-firewall/nftables: remove masked units
bbb1a4c 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
@tormath1
profiles: enable JSON support for nftables
52deea7 
This help for automation and scripting purposes. dev-libs/jansson is
already shipped in the generic image.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
@tormath1 tormath1 self-assigned this May 21, 2025
@tormath1 tormath1 added the main label May 21, 2025
@tormath1 tormath1 mentioned this pull request May 21, 2025
Merged
@github-project-automation github-project-automation bot moved this from ⚒️ In Progress to ✅ Testing / in Review in Flatcar tactical, release planning, and roadmap May 21, 2025
@tormath1
changelog: add entry
373684a 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
@tormath1 tormath1 marked this pull request as ready for review May 21, 2025 17:04
@tormath1 tormath1 requested a review from a team May 21, 2025 17:04
@github-actions github-actions bot mentioned this pull request May 22, 2025
Closed
@tormath1 tormath1 merged commit b3e8dfc into main May 22, 2025
2 of 4 checks passed
@tormath1 tormath1 deleted the tormath1/nftables branch May 22, 2025 12:34
@github-project-automation github-project-automation bot moved this from ✅ Testing / in Review to Implemented in Flatcar tactical, release planning, and roadmap May 22, 2025
@tormath1
Copy link
Copy Markdown
Contributor Author

tormath1 commented May 22, 2025

Cherry-picked commit profiles: enable JSON support for nftables to:

  • flatcar-4284
  • flatcar-4230
  • flatcar-4152
  • flatcar-4081
  • flatcar-3510

@github-actions
Copy link
Copy Markdown

github-actions bot commented May 22, 2025

Build action triggered: https://github.com/flatcar/scripts/actions/runs/15190538266

@github-actions github-actions bot mentioned this pull request Jun 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chewi chewi chewi approved these changes

Assignees

@tormath1 tormath1

Labels

main

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[RFE] update nftables and ship systemd unit

3 participants

@tormath1 @chewi @dongsupark