Redesign of the nft firewall based on an existing Ansible playbook for the same purpose.

install.sh

@@ -7,18 +7,19 @@ say(){ echo "[nft-fw-nd-priv] $*"; }
 
 say "Creating directories..."
 install -d -m 0755 /usr/local/sbin
+install -d -m 0755 /etc/nftables.conf.d
 
 say "Installing template..."
 install -m 0644 "$REPO_DIR/templates/nftables.conf.in" /etc/nftables.conf.in
 
 say "Installing scripts..."
-install -m 0755 "$REPO_DIR/bin/fw-apply" /usr/local/sbin/fw-apply
-install -m 0755 "$REPO_DIR/bin/fw-stop"  /usr/local/sbin/fw-stop
+install -m 0755 "$REPO_DIR/sbin/fw-apply" /usr/local/sbin/fw-apply
+install -m 0755 "$REPO_DIR/sbin/fw-stop"  /usr/local/sbin/fw-stop
 
 
 say "Installing default config (won't overwrite existing)..."
-if [[ ! -f /etc/default/nft-fw ]]; then
-  install -m 0644 "$REPO_DIR/etc-default/nft-fw" /etc/default/nft-fw
+if [[ ! -f /etc/nftables.conf.d/nft-fw.conf ]]; then
+  install -m 0644 "$REPO_DIR/etc-nftables.conf.d/nft-fw.conf" /etc/nftables.conf.d/nft-fw.conf
 else
   say "Config already exists at /etc/default/nft-fw (leaving as-is)."
 fi
@@ -66,6 +67,6 @@ fi
 say "Applying firewall now..."
 /usr/local/sbin/fw-apply
 
-say "Done. Edit /etc/default/nft-fw-nd-priv and re-run: fw-apply"
+say "Done. Edit /etc/nftables.conf.d/nft-fw.conf and re-run: fw-apply"