Convert firewall to nftables.

Debian Buster uses the nftables framework by default.

1 files changed, 0 insertions, 36 deletions

diff --git a/roles/common/files/etc/network/if-post-down.d/iptables b/roles/common/files/etc/network/if-post-down.d/iptables
deleted file mode 100755
index d27977d..0000000
--- a/roles/common/files/etc/network/if-post-down.d/iptables
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-
-# A post-down hook to flush ip tables and delete custom chains in the
-# loaded v4 and v6 rulesets.
-# Copyright © 2013 Guilhem Moulin <guilhem@fripost.org>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-set -ue
-PATH=/usr/sbin:/usr/bin:/sbin:/bin
-
-# Ignore the loopback interface; run the script for ifdown only.
-[ "$IFACE" != lo -a "$MODE" = stop ] || exit 0
-
-case "$ADDRFAM" in
-    inet)  ipts=/sbin/iptables-save;  ipt=/sbin/iptables;;
-    inet6) ipts=/sbin/ip6tables-save; ipt=/sbin/ip6tables;;
-    *)     exit 0
-esac
-
-$ipts | sed -nr 's/^\*//p' | \
-while read table; do
-    $ipt -t "$table" -F
-    $ipt -t "$table" -X
-done