From 7a1adbdf394113f2e8a409210a14cb5c5b8b826a Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Wed, 18 Nov 2020 17:45:52 +0100
Subject: [PATCH] Update/Add section titles

---
 minifirewall-start.sh | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/minifirewall-start.sh b/minifirewall-start.sh
index e5cf03d..e4fdee0 100755
--- a/minifirewall-start.sh
+++ b/minifirewall-start.sh
@@ -64,14 +64,16 @@ for i in /proc/sys/net/ipv4/conf/*/log_martians; do
 echo 1 > $i
 done
-# IPTables configuration
-########################
+#########################
+## NFTables configuration
+#########################
 if ! test -f $configfile; then
 echo "$configfile does not exist" >&2
 exit 1
 fi
+# Parse configuration file
 . $configfile
 # Flush everything first
@@ -105,6 +107,9 @@ $NFT add chain inet minifirewall semipublic_udp_ports
 $NFT add chain inet minifirewall private_tcp_ports
 $NFT add chain inet minifirewall private_udp_ports
+################
+## Input traffic
+################
 # Related and established traffic is accepted
 $NFT add rule inet minifirewall minifirewall_input ct state related,established accept
@@ -198,9 +203,9 @@ for x in $SERVICESUDP1p
 $NFT add rule inet minifirewall protected_udp_ports udp dport $x drop
 done
-# ## External services ####################
+#####################################
+## Output traffic / external services
+#####################################
 # Add set with $DNSSERVERS elements
 $NFT add set inet minifirewall minifirewall_dnsservers { type ipv4_addr\;}
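Review bot: The new `# Parse configuration file` comment above `. $configfile` in the first hunk understates what that line does: the dot command executes the file as shell inside this script's own process, so whoever can write to `$configfile` controls the ruleset and, since the script writes to /proc/sys and drives nft and therefore presumably runs as root, gets root code execution, while the preceding `test -f` only checks that the file exists. I would word it `# Source configuration file: executed as shell, so it must be root-owned and not writable by group/others` and add an ownership and mode check before sourcing that exits with an error otherwise. While here, quote the path in both places, `if ! test -f "$configfile"; then` and `. "$configfile"`, because the unquoted expansion word-splits and globs. The for loop shown at the top of this hunk begins outside it.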