nftables: Add example config file

This adds only empty chains, but it will be needed for the bbinit
startscript not to fail. User will probably overwrite it with something
more useful.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

2 files changed, 16 insertions, 0 deletions

diff --git a/projectroot/etc/nftables.conf b/projectroot/etc/nftables.conf
new file mode 100755
index 000000000..2c09327d7
--- /dev/null
+++ b/projectroot/etc/nftables.conf
@@ -0,0 +1,15 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table filter {
+	chain input {
+		type filter hook input priority 0;
+	}
+	chain forward {
+		type filter hook forward priority 0;
+	}
+	chain output {
+		type filter hook output priority 0;
+	}
+}
diff --git a/rules/nftables.make b/rules/nftables.make
index 74828a2e9..7645784dd 100644
--- a/rules/nftables.make
+++ b/rules/nftables.make
@@ -56,6 +56,7 @@ $(STATEDIR)/nftables.targetinstall:
 	@$(call install_fixup, nftables,DESCRIPTION,missing)
 
 	@$(call install_copy, nftables, 0, 0, 0755, -, /usr/sbin/nft)
+	@$(call install_alternative, nftables, 0, 0, 0755, /etc/nftables.conf)
 
 	@$(call install_finish, nftables)