From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id BADBB5D66;
	Mon, 01 Dec 2025 22:23:05 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id DFB675D4A; Mon, 01 Dec 2025 22:23:01 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_PASS,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=4.0.1
Received: from mail.cyberchaos.dev (mail.cyberchaos.dev
 [IPv6:2a0f:4ac0::3a11])
	by atuin.qyliss.net (Postfix) with ESMTPS id 11F985D49
	for <devel@spectrum-os.org>; Mon, 01 Dec 2025 22:23:01 +0000 (UTC)
From: Yureka Lilian <yureka@cyberchaos.dev>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyberchaos.dev;
	s=mail; t=1764627779;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O/OwF7ejroZclpWXNHuFuy/aZWPvzaewB4NR5VKheZA=;
	b=3Gzfur8o8qs7LpFjiacGH9kGEA1DVtokGGkLBHt5WZ1iGTQ99eAU/C4Fv/7Unp9F0FF+TN
	Uj7JH9sDw7qZTNFRebOaGJJvjRTJekq0cG6ZHAKh87KlE2ZknCt/lg6eRH51y+TANNLMFN
	AXz7UputpcNCtdxCcKWG6y5Xht8hWOM=
To: devel@spectrum-os.org
Subject: [PATCH] vm/sys/net: start nftables service
Date: Mon,  1 Dec 2025 23:22:43 +0100
Message-ID: <20251201222248.94015-1-yureka@cyberchaos.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: 2SDNRMPXGWHNCLCC56D3TPJYEVERVDIZ
X-Message-ID-Hash: 2SDNRMPXGWHNCLCC56D3TPJYEVERVDIZ
X-MailFrom: yureka@cyberchaos.dev
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Yureka Lilian <yureka@cyberchaos.dev>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/2SDNRMPXGWHNCLCC56D3TPJYEVERVDIZ/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

This was supposed to be here all along to ensure the net-vm does not create any
traffic on any interfaces except for the xdp-forwarder setup.

Fixes: dcee941 ("vm/sys/net: integrate xdp-forwarder")
Signed-off-by: Yureka Lilian <yureka@cyberchaos.dev>
---
 vm/sys/net/file-list.mk                                  | 1 +
 vm/sys/net/image/etc/s6-rc/mdevd/dependencies.d/nftables | 0
 2 files changed, 1 insertion(+)
 create mode 100644 vm/sys/net/image/etc/s6-rc/mdevd/dependencies.d/nftables

diff --git a/vm/sys/net/file-list.mk b/vm/sys/net/file-list.mk
index 7cc3520..dfea2a8 100644
--- a/vm/sys/net/file-list.mk
+++ b/vm/sys/net/file-list.mk
@@ -26,6 +26,7 @@ S6_RC_FILES = \
 	image/etc/s6-rc/mdevd-coldplug/dependencies.d/mdevd \
 	image/etc/s6-rc/mdevd-coldplug/type \
 	image/etc/s6-rc/mdevd-coldplug/up \
+	image/etc/s6-rc/mdevd/dependencies.d/nftables \
 	image/etc/s6-rc/mdevd/notification-fd \
 	image/etc/s6-rc/mdevd/run \
 	image/etc/s6-rc/mdevd/type \
diff --git a/vm/sys/net/image/etc/s6-rc/mdevd/dependencies.d/nftables b/vm/sys/net/image/etc/s6-rc/mdevd/dependencies.d/nftables
new file mode 100644
index 0000000..e69de29
-- 
2.51.2