From 37f4ac3aa054c9291b8096262cb96a0ddbedc0b0 Mon Sep 17 00:00:00 2001
From: Grant Slater
Date: Mon, 30 Jun 2025 13:52:21 +0100
Subject: [PATCH] Add command usage and extra command aliases to nftables script

---
 .../networking/templates/default/nftables.erb | 26 ++++++++++++++-----
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/cookbooks/networking/templates/default/nftables.erb b/cookbooks/networking/templates/default/nftables.erb
index 363e84656..c8d9c1ac0 100644
--- a/cookbooks/networking/templates/default/nftables.erb
+++ b/cookbooks/networking/templates/default/nftables.erb
@@ -1,4 +1,9 @@
-#!/bin/sh -e
+#!/bin/sh -eu
+
+usage() {
+ echo "Usage: $0 {start|stop|reload|restart|block|drop|deny|unblock|allow|flush} [address ...]"
+ exit 1
+}
 
 start() {
 /usr/sbin/nft -f /etc/nftables.conf
@@ -45,16 +50,25 @@ flush() {
 /usr/sbin/nft --check flush set inet chef-filter ip6-blocklist && /usr/sbin/nft flush set inet chef-filter ip6-blocklist
 }
 
-command=$1
-shift
+command="${1:-}"
+if [ -n "$command" ]; then
+ shift
+fi
+
+if [ -z "$command" ]; then
+ usage
+fi
 
 case "$command" in
 start) start;;
 stop) stop;;
- reload) reload;;
- block) block "$@";;
- unblock) unblock "$@";;
+ reload|restart) reload;;
+ block|drop|deny) block "$@";;
+ unblock|allow) unblock "$@";;
 flush) flush;;
+ *)
+ usage
+ ;;
 esac
 
 exit 0
-- 
2.39.5
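Review bot: The strict-mode flags sit only on the interpreter line (`#!/bin/sh -eu`), so they are dropped whenever the script is started as `sh <script> start` rather than executed directly; a failing `nft -f` in start() would then fall through to the closing `exit 0` and report success with no ruleset loaded. A `set -eu` line directly under the shebang behaves the same under both invocations. The new usage() also writes its message to stdout before `exit 1`; `echo "Usage: ..." >&2` keeps the error out of anything that captures the script's output. The added `-u` applies to the function bodies outside this hunk as well (start() itself continues past it), so it is worth confirming none of them expands a variable that can be unset.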
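Review bot: The `block|drop|deny` and `unblock|allow` arms accept an empty address list, so `<script> block` with nothing after it calls block() with no arguments and, unless that function (defined outside this hunk) rejects the call, finishes at `exit 0` having changed nothing. For a command an operator runs to cut off an address, a silent success is misleading; a guard such as `block|drop|deny) [ "$#" -gt 0 ] || usage; block "$@";;`, mirrored on the unblock arm, makes the mistake visible. The two `if` tests on `$command` could likewise collapse into `[ "$#" -gt 0 ] || usage` placed ahead of `command=$1` and `shift`. The aliases also deserve a one-line comment above the `case`, for example `# restart is an alias for reload; allow dispatches to unblock and adds no accept rule`, so that nobody reads `allow` or `restart` as doing more than the function they map to.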