snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

iptables: added runit services and systemd build option (off).

This commit is contained in:
Juan RP 2014-10-28 11:43:39 +01:00
parent 2f278f0afd
commit f8074cec1d
8 changed files with 30 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
srcpkgs/iptables/files/ip6tables.service
View File

@ -4,7 +4,7 @@ Description=IPv6 Packet Filtering Framework
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/ip6tables.rules ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
ExecStop=/lib/systemd/scripts/iptables-flush -6 ExecStop=/usr/libexec/iptables-flush -6
RemainAfterExit=yes RemainAfterExit=yes
[Install] [Install]

3
srcpkgs/iptables/files/ip6tables/finish Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
set -e
exec /usr/libexec/iptables-flush -6

4
srcpkgs/iptables/files/ip6tables/run Normal file
View File

@ -0,0 +1,4 @@
#!/bin/sh
set -e
ip6tables-restore /etc/iptables/ip6tables.rules
exec chpst -b ip6tables pause

10
srcpkgs/iptables/files/iptables-flush.scripts
View File

@ -1,17 +1,17 @@
#!/bin/bash #!/bin/sh
# Usage: iptables-flush [-6] # Usage: iptables-flush [-6]
iptables=/usr/sbin/iptables iptables=/usr/sbin/iptables
tables=(filter mangle raw) tables="filter mangle raw"
if [[ "$1" == "-6" ]]; then if [ "$1" = "-6" ]; then
iptables=/usr/sbin/ip6tables iptables=/usr/sbin/ip6tables
else else
# Only ipv4 has a nat table # Only ipv4 has a nat table
tables+=(nat) tables="$tables nat"
fi fi
for table in "${tables[@]}"; do for table in ${tables}; do
$iptables -t "$table" -F $iptables -t "$table" -F
$iptables -t "$table" -X $iptables -t "$table" -X
done done

2
srcpkgs/iptables/files/iptables.service
View File

@ -4,7 +4,7 @@ Description=Packet Filtering Framework
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules
ExecStop=/lib/systemd/scripts/iptables-flush ExecStop=/usr/libexec/iptables-flush
RemainAfterExit=yes RemainAfterExit=yes
[Install] [Install]

3
srcpkgs/iptables/files/iptables/finish Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
set -e
exec /usr/libexec/iptables-flush

4
srcpkgs/iptables/files/iptables/run Normal file
View File

@ -0,0 +1,4 @@
#!/bin/sh
set -e
iptables-restore /etc/iptables/iptables.rules
exec chpst -b iptables pause

14
srcpkgs/iptables/template
View File

@ -1,8 +1,9 @@
# Template file for 'iptables' # Template file for 'iptables'
pkgname=iptables pkgname=iptables
version=1.4.21 version=1.4.21
revision=1 revision=2
build_style=gnu-configure build_style=gnu-configure
build_options="systemd"
configure_args="--enable-libipq --enable-shared --enable-devel --enable-bpf-compiler" configure_args="--enable-libipq --enable-shared --enable-devel --enable-bpf-compiler"
hostmakedepends="pkg-config" hostmakedepends="pkg-config"
makedepends="libpcap-devel" makedepends="libpcap-devel"
@ -26,10 +27,13 @@ pre_build() {
post_install() { post_install() {
# systemd services. # systemd services.
vmkdir usr/lib/systemd/system if [ "$build_option_systemd" ]; then
install -m644 ${FILESDIR}/*.service ${DESTDIR}/usr/lib/systemd/system vmkdir usr/lib/systemd/system
vinstall ${FILESDIR}/iptables-flush.scripts 755 \ install -m644 ${FILESDIR}/*.service ${DESTDIR}/usr/lib/systemd/system
usr/lib/systemd/scripts iptables-flush fi
vsv iptables
vsv ip6tables
vinstall ${FILESDIR}/iptables-flush.scripts 755 usr/libexec iptables-flush
# Configuration files and rules. # Configuration files and rules.
for f in empty.rules simple_firewall.rules; do for f in empty.rules simple_firewall.rules; do