iptables: added runit services and systemd build option (off).
parent
2f278f0afd
commit
f8074cec1d
8 changed files with 30 additions and 12 deletions
|
@ -4,7 +4,7 @@ Description=IPv6 Packet Filtering Framework
|
|||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
|
||||
ExecStop=/lib/systemd/scripts/iptables-flush -6
|
||||
ExecStop=/usr/libexec/iptables-flush -6
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
|
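--- a/srcpkgs/iptables/files/ip6tables/finish
+++ b/srcpkgs/iptables/files/ip6tables/finish
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+exec /usr/libexec/iptables-flush -6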
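--- a/srcpkgs/iptables/files/ip6tables/run
+++ b/srcpkgs/iptables/files/ip6tables/run
@@ -0,0 +1,4 @@
+#!/bin/sh
+set -e
+ip6tables-restore /etc/iptables/ip6tables.rules
+exec chpst -b ip6tables pause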
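Review bot: `ip6tables-restore` is called by bare name, so this root-run script resolves it through whatever PATH the supervisor inherited, while the systemd unit and iptables-flush in this commit both use absolute `/usr/sbin/...` paths; `/usr/sbin/ip6tables-restore /etc/iptables/ip6tables.rules` would match them. Separately, when the rules file is missing or does not parse, `set -e` ends the script before `pause` starts and the finish script then flushes, so the supervisor will presumably keep retrying with no ruleset in place. A short comment saying the service needs a valid rules file would help whoever enables it. Both points apply equally to srcpkgs/iptables/files/iptables/run.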
|
@ -1,17 +1,17 @@
|
|||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
# Usage: iptables-flush [-6]
|
||||
|
||||
iptables=/usr/sbin/iptables
|
||||
tables=(filter mangle raw)
|
||||
tables="filter mangle raw"
|
||||
|
||||
if [[ "$1" == "-6" ]]; then
|
||||
if [ "$1" = "-6" ]; then
|
||||
iptables=/usr/sbin/ip6tables
|
||||
else
|
||||
# Only ipv4 has a nat table
|
||||
tables+=(nat)
|
||||
tables="$tables nat"
|
||||
fi
|
||||
|
||||
for table in "${tables[@]}"; do
|
||||
for table in ${tables}; do
|
||||
$iptables -t "$table" -F
|
||||
$iptables -t "$table" -X
|
||||
done
|
||||
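Review bot: The loop clears rules (`-F`) and user-defined chains (`-X`) but never touches the built-in chains' policies, so the state after a stop depends on the ruleset that was loaded. With ACCEPT policies the host is left unfiltered, and with DROP policies everything on those chains stays blocked. Either can be intended, but the script should say which, for example `# Chain policies are left as loaded; only rules and user-defined chains are removed.` under the usage line. The exit status is also only that of the last `-X`, so a failed flush of an earlier table is not reported to the finish script or `ExecStop`; `$iptables -t "$table" -F || rc=1` with a final `exit ${rc:-0}` would surface it.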
|
|
|
@ -4,7 +4,7 @@ Description=Packet Filtering Framework
|
|||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules
|
||||
ExecStop=/lib/systemd/scripts/iptables-flush
|
||||
ExecStop=/usr/libexec/iptables-flush
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
|
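--- a/srcpkgs/iptables/files/iptables/finish
+++ b/srcpkgs/iptables/files/iptables/finish
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+exec /usr/libexec/iptables-flush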
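--- a/srcpkgs/iptables/files/iptables/run
+++ b/srcpkgs/iptables/files/iptables/run
@@ -0,0 +1,4 @@
+#!/bin/sh
+set -e
+iptables-restore /etc/iptables/iptables.rules
+exec chpst -b iptables pause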
|
@ -1,8 +1,9 @@
|
|||
# Template file for 'iptables'
|
||||
pkgname=iptables
|
||||
version=1.4.21
|
||||
revision=1
|
||||
revision=2
|
||||
build_style=gnu-configure
|
||||
build_options="systemd"
|
||||
configure_args="--enable-libipq --enable-shared --enable-devel --enable-bpf-compiler"
|
||||
hostmakedepends="pkg-config"
|
||||
makedepends="libpcap-devel"
|
||||
|
@ -26,10 +27,13 @@ pre_build() {
|
|||
|
||||
post_install() {
|
||||
# systemd services.
|
||||
vmkdir usr/lib/systemd/system
|
||||
install -m644 ${FILESDIR}/*.service ${DESTDIR}/usr/lib/systemd/system
|
||||
vinstall ${FILESDIR}/iptables-flush.scripts 755 \
|
||||
usr/lib/systemd/scripts iptables-flush
|
||||
if [ "$build_option_systemd" ]; then
|
||||
vmkdir usr/lib/systemd/system
|
||||
install -m644 ${FILESDIR}/*.service ${DESTDIR}/usr/lib/systemd/system
|
||||
fi
|
||||
vsv iptables
|
||||
vsv ip6tables
|
||||
vinstall ${FILESDIR}/iptables-flush.scripts 755 usr/libexec iptables-flush
|
||||
|
||||
# Configuration files and rules.
|
||||
for f in empty.rules simple_firewall.rules; do
|
||||
|
|