iptables: added runit services and systemd build option (off).

Juan RP 2014-10-28 11:43:39 +01:00
parent 2f278f0afd
commit f8074cec1d
8 changed files with 30 additions and 12 deletions


@ -4,7 +4,7 @@ Description=IPv6 Packet Filtering Framework
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
ExecStop=/lib/systemd/scripts/iptables-flush -6
ExecStop=/usr/libexec/iptables-flush -6
RemainAfterExit=yes
[Install]


@ -0,0 +1,3 @@
#!/bin/sh
set -e
exec /usr/libexec/iptables-flush -6


@ -0,0 +1,4 @@
#!/bin/sh
set -e
ip6tables-restore /etc/iptables/ip6tables.rules
exec chpst -b ip6tables pause
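Review bot: A missing or malformed `/etc/iptables/ip6tables.rules` makes `ip6tables-restore` fail and `set -e` ends the script before `pause` is reached; assuming this is the runit run script, runsv then runs the finish script (which flushes the tables) and retries, so each failed load is followed by a flush and the host keeps cycling without the intended ruleset. The failure should be made explicit and the outcome chosen deliberately, for example `ip6tables-restore /etc/iptables/ip6tables.rules || { echo "ip6tables: rules not loaded" >&2; exit 1; }` together with a comment saying what filtering state the host is left in. The command is also resolved through PATH here while the unit file uses `/usr/sbin/ip6tables-restore`; an absolute path would keep the two consistent. The IPv4 script that ends with `exec chpst -b iptables pause` has the same shape and the same issue.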


@ -1,17 +1,17 @@
#!/bin/bash
#!/bin/sh
# Usage: iptables-flush [-6]
iptables=/usr/sbin/iptables
tables=(filter mangle raw)
tables="filter mangle raw"
if [[ "$1" == "-6" ]]; then
if [ "$1" = "-6" ]; then
iptables=/usr/sbin/ip6tables
else
# Only ipv4 has a nat table
tables+=(nat)
tables="$tables nat"
fi
for table in "${tables[@]}"; do
for table in ${tables}; do
$iptables -t "$table" -F
$iptables -t "$table" -X
done
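Review bot: The loop removes rules with `-F` and user-defined chains with `-X` but never sets built-in chain policies, so after a stop the host keeps whatever policy the loaded ruleset left behind: a `DROP` policy then blocks all traffic, an `ACCEPT` policy leaves it unfiltered. Since the new three-line scripts `exec` this file (apparently as the runit finish action), the header should state that, e.g. `# Flushes rules and deletes user chains; built-in chain policies are left unchanged.` The exit status of each `$iptables` call is also ignored, so a failed flush on one table goes unnoticed; `rc=0` before the loop, `$iptables -t "$table" -F || rc=1` inside it and `exit $rc` after it would surface that to the caller. The unquoted `${tables}` is intentional word splitting in the POSIX rewrite and is fine as long as the list stays a fixed literal.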


@ -4,7 +4,7 @@ Description=Packet Filtering Framework
[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules
ExecStop=/lib/systemd/scripts/iptables-flush
ExecStop=/usr/libexec/iptables-flush
RemainAfterExit=yes
[Install]


@ -0,0 +1,3 @@
#!/bin/sh
set -e
exec /usr/libexec/iptables-flush


@ -0,0 +1,4 @@
#!/bin/sh
set -e
iptables-restore /etc/iptables/iptables.rules
exec chpst -b iptables pause


@ -1,8 +1,9 @@
# Template file for 'iptables'
pkgname=iptables
version=1.4.21
revision=1
revision=2
build_style=gnu-configure
build_options="systemd"
configure_args="--enable-libipq --enable-shared --enable-devel --enable-bpf-compiler"
hostmakedepends="pkg-config"
makedepends="libpcap-devel"
@ -26,10 +27,13 @@ pre_build() {
post_install() {
# systemd services.
vmkdir usr/lib/systemd/system
install -m644 ${FILESDIR}/*.service ${DESTDIR}/usr/lib/systemd/system
vinstall ${FILESDIR}/iptables-flush.scripts 755 \
usr/lib/systemd/scripts iptables-flush
if [ "$build_option_systemd" ]; then
vmkdir usr/lib/systemd/system
install -m644 ${FILESDIR}/*.service ${DESTDIR}/usr/lib/systemd/system
fi
vsv iptables
vsv ip6tables
vinstall ${FILESDIR}/iptables-flush.scripts 755 usr/libexec iptables-flush
# Configuration files and rules.
for f in empty.rules simple_firewall.rules; do