From f8074cec1d9466ac9dca94bc316ef46378d8596a Mon Sep 17 00:00:00 2001 From: Juan RP Date: Tue, 28 Oct 2014 11:43:39 +0100 Subject: [PATCH] iptables: added runit services and systemd build option (off). --- srcpkgs/iptables/files/ip6tables.service | 2 +- srcpkgs/iptables/files/ip6tables/finish | 3 +++ srcpkgs/iptables/files/ip6tables/run | 4 ++++ srcpkgs/iptables/files/iptables-flush.scripts | 10 +++++----- srcpkgs/iptables/files/iptables.service | 2 +- srcpkgs/iptables/files/iptables/finish | 3 +++ srcpkgs/iptables/files/iptables/run | 4 ++++ srcpkgs/iptables/template | 14 +++++++++----- 8 files changed, 30 insertions(+), 12 deletions(-) create mode 100644 srcpkgs/iptables/files/ip6tables/finish create mode 100644 srcpkgs/iptables/files/ip6tables/run create mode 100644 srcpkgs/iptables/files/iptables/finish create mode 100644 srcpkgs/iptables/files/iptables/run diff --git a/srcpkgs/iptables/files/ip6tables.service b/srcpkgs/iptables/files/ip6tables.service index 1e068156556..204b0b36095 100644 --- a/srcpkgs/iptables/files/ip6tables.service +++ b/srcpkgs/iptables/files/ip6tables.service @@ -4,7 +4,7 @@ Description=IPv6 Packet Filtering Framework [Service] Type=oneshot ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/ip6tables.rules -ExecStop=/lib/systemd/scripts/iptables-flush -6 +ExecStop=/usr/libexec/iptables-flush -6 RemainAfterExit=yes [Install] diff --git a/srcpkgs/iptables/files/ip6tables/finish b/srcpkgs/iptables/files/ip6tables/finish new file mode 100644 index 00000000000..e79e3a103b5 --- /dev/null +++ b/srcpkgs/iptables/files/ip6tables/finish @@ -0,0 +1,3 @@ +#!/bin/sh +set -e +exec /usr/libexec/iptables-flush -6 diff --git a/srcpkgs/iptables/files/ip6tables/run b/srcpkgs/iptables/files/ip6tables/run new file mode 100644 index 00000000000..5f3a4741b30 --- /dev/null +++ b/srcpkgs/iptables/files/ip6tables/run @@ -0,0 +1,4 @@ +#!/bin/sh +set -e +ip6tables-restore /etc/iptables/ip6tables.rules +exec chpst -b ip6tables pause 
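Review bot: In `ip6tables/run`, a failed `ip6tables-restore` (missing or malformed `/etc/iptables/ip6tables.rules`) makes `set -e` exit the script with no message. runit then normally runs `finish`, which flushes the tables, and starts `run` again, so the host cycles between flush and retry without its ruleset and with nothing logged to explain why. Make the failure visible before the restore, e.g. `[ -r /etc/iptables/ip6tables.rules ] || { echo "ip6tables: cannot read rules file" >&2; exit 1; }`, and document what state the tables are left in when loading fails. The restore is also called by bare name while the systemd unit uses `/usr/sbin/ip6tables-restore`, so the script depends on the supervisor's PATH; the absolute path would be consistent. The same points apply to `iptables/run` later in this patch.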
diff --git a/srcpkgs/iptables/files/iptables-flush.scripts b/srcpkgs/iptables/files/iptables-flush.scripts index 8cb3d561c8e..238e1a9d891 100644 --- a/srcpkgs/iptables/files/iptables-flush.scripts +++ b/srcpkgs/iptables/files/iptables-flush.scripts @@ -1,17 +1,17 @@ -#!/bin/bash +#!/bin/sh # Usage: iptables-flush [-6] iptables=/usr/sbin/iptables -tables=(filter mangle raw) +tables="filter mangle raw" -if [[ "$1" == "-6" ]]; then +if [ "$1" = "-6" ]; then iptables=/usr/sbin/ip6tables else # Only ipv4 has a nat table - tables+=(nat) + tables="$tables nat" fi -for table in "${tables[@]}"; do +for table in ${tables}; do $iptables -t "$table" -F $iptables -t "$table" -X done diff --git a/srcpkgs/iptables/files/iptables.service b/srcpkgs/iptables/files/iptables.service index 90b2507fb63..f5288dfdde3 100644 --- a/srcpkgs/iptables/files/iptables.service +++ b/srcpkgs/iptables/files/iptables.service @@ -4,7 +4,7 @@ Description=Packet Filtering Framework [Service] Type=oneshot ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules -ExecStop=/lib/systemd/scripts/iptables-flush +ExecStop=/usr/libexec/iptables-flush RemainAfterExit=yes [Install] diff --git a/srcpkgs/iptables/files/iptables/finish b/srcpkgs/iptables/files/iptables/finish new file mode 100644 index 00000000000..b690abfb4bd --- /dev/null +++ b/srcpkgs/iptables/files/iptables/finish @@ -0,0 +1,3 @@ +#!/bin/sh +set -e +exec /usr/libexec/iptables-flush diff --git a/srcpkgs/iptables/files/iptables/run b/srcpkgs/iptables/files/iptables/run new file mode 100644 index 00000000000..3643e863f68 --- /dev/null +++ b/srcpkgs/iptables/files/iptables/run @@ -0,0 +1,4 @@ +#!/bin/sh +set -e +iptables-restore /etc/iptables/iptables.rules +exec chpst -b iptables pause diff --git a/srcpkgs/iptables/template b/srcpkgs/iptables/template index bb9a340d68d..631439c75da 100644 --- a/srcpkgs/iptables/template +++ b/srcpkgs/iptables/template 
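Review bot: The loop in `iptables-flush` ignores the exit status of both `$iptables` calls, so as far as the hunk shows the script returns only the status of the last `-X`. The runit `finish` scripts and the `ExecStop=` lines that call it can therefore report a clean stop while a table still holds rules. Recording failures, e.g. `$iptables -t "$table" -F || rc=1` with `exit "${rc:-0}"` after `done`, would make a partial flush detectable. The visible lines only flush rules and delete user chains and do not touch built-in chain policies, so the post-stop state depends on whatever policy the loaded ruleset set; a header comment such as `# Flushes rules and user chains only; chain policies are left as loaded.` would tell operators that. The hunk covers lines 1-17, so anything the script does after `done` is not visible here.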
@@ -1,8 +1,9 @@ # Template file for 'iptables' pkgname=iptables version=1.4.21 -revision=1 +revision=2 build_style=gnu-configure +build_options="systemd" configure_args="--enable-libipq --enable-shared --enable-devel --enable-bpf-compiler" hostmakedepends="pkg-config" makedepends="libpcap-devel" @@ -26,10 +27,13 @@ pre_build() { post_install() { # systemd services. - vmkdir usr/lib/systemd/system - install -m644 ${FILESDIR}/*.service ${DESTDIR}/usr/lib/systemd/system - vinstall ${FILESDIR}/iptables-flush.scripts 755 \ - usr/lib/systemd/scripts iptables-flush + if [ "$build_option_systemd" ]; then + vmkdir usr/lib/systemd/system + install -m644 ${FILESDIR}/*.service ${DESTDIR}/usr/lib/systemd/system + fi + vsv iptables + vsv ip6tables + vinstall ${FILESDIR}/iptables-flush.scripts 755 usr/libexec iptables-flush # Configuration files and rules. for f in empty.rules simple_firewall.rules; do
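Review bot: The services installed by `vsv iptables` and `vsv ip6tables` load `/etc/iptables/iptables.rules` and `/etc/iptables/ip6tables.rules`, but the visible part of `post_install` ships only `empty.rules` and `simple_firewall.rules`. If nothing outside this hunk creates those two files, enabling either service on a fresh install goes straight into the restore-failure path of the `run` scripts; a comment or install message naming the file the administrator must provide would help. The `# systemd services.` comment is also stale, since the block now installs the runit services and the flush helper unconditionally; split it into `# systemd units (optional).`, `# runit services.` and `# Flush helper shared by the systemd units and the runit finish scripts.`. `post_install` continues past the end of the hunk.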