meta-google: nftables-systemd: Parse rules in a useful order We want to make sure rules get parsed in a sensible order, following a sorting order similar to systemd units. Change-Id: Ica06c953dba793d89d50c6b4cfc8e8a2eb1f58de Signed-off-by: William A. Kennington III <wak@google.com>

commit: c20feb7b192779112e702b8081d63b3d9a610867 [log] [tgz]
author: William A. Kennington III <wak@google.com> Mon Mar 08 12:31:30 2021 -0800
committer: William A. Kennington III <wak@google.com> Tue Mar 09 03:53:28 2021 +0000
tree: ef16e3c28f8e1ab19eaf5afa6bf5f8b16b769ac0
parent: 0ce248846f907f3716625c268b61a9325b8762f4 [diff] [blame]
diff --git a/meta-google/recipes-google/nftables/files/nft-configure.sh b/meta-google/recipes-google/nftables/files/nft-configure.sh
new file mode 100644
index 0000000..a82c282
--- /dev/null
+++ b/meta-google/recipes-google/nftables/files/nft-configure.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+shopt -s nullglob
+declare -A basemap=()
+i=0
+for dir in /run/nftables /etc/nftables /usr/share/nftables; do
+  for file in "$dir"/*.rules; do
+    basemap["${file##*/}$i"]="$file"
+  done
+  let i+=1
+done
+rc=0
+for key in $(printf "%s\n" "${!basemap[@]}" | sort -r); do
+  echo "Executing ${basemap[$key]}" >&2
+  nft -f "${basemap[$key]}" || rc=$?
+done
+exit $rc
commit	c20feb7b192779112e702b8081d63b3d9a610867	[log] [tgz]
author	William A. Kennington III <wak@google.com>	Mon Mar 08 12:31:30 2021 -0800
committer	William A. Kennington III <wak@google.com>	Tue Mar 09 03:53:28 2021 +0000
tree	ef16e3c28f8e1ab19eaf5afa6bf5f8b16b769ac0
parent	0ce248846f907f3716625c268b61a9325b8762f4 [diff] [blame]