author | Daniel sea McChlery <sea@members.fsf.org> | 2014-10-16 22:54:59 (EDT) |
---|---|---|
committer | Daniel sea McChlery <sea@members.fsf.org> | 2014-10-16 22:54:59 (EDT) |
commit | 6928c623230d870fa54f63ac5c5128dbdd0b8e00 (patch) | |
tree | 05a18bb9391ef17f129efe6d0893e6ee7aa83ef8 | |
parent | 1497ded7c7184534907c6e327247b6bd13d9f7da (diff) |
Applied pehjota's patch for the iptables init script.
-rwxr-xr-x | build | 3 | ||||
-rw-r--r-- | changelog | 1 | ||||
-rw-r--r-- | iptables.pkg/control | 4 | ||||
-rw-r--r-- | iptables.pkg/files | 1 | ||||
-rw-r--r-- | iptables.pkg/iptables.init | 38 | ||||
-rw-r--r-- | iptables.pkg/postinst | 5 | ||||
-rw-r--r-- | iptables.pkg/prerm | 5 |
7 files changed, 57 insertions, 0 deletions
@@ -16,6 +16,9 @@ install: build
 rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libip6tc.la"
 rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libiptc.la"
 rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libxtables.la"
+ install -d -m 0755 dest/etc/init.d
+ install -p -m 0755 ../iptables.pkg/iptables.init \
+ dest/etc/init.d/iptables
 oh-fixperms
 oh-strip
 oh-installfiles
@@ -4,6 +4,7 @@ iptables (1.4.21-2) trunk
 * Moved libxtables.so into the libxtables.10-dev package.
 * Removed the dest/ directory from libxtables.10
 * Removed the xtables pkg-config files from libiptc.0-dev
+ * /etc/init.d/iptables: New service initialization script.
 -- "Daniel sea McChlery" <sea@members.fsf.org> Wed Jun 25 2014 17:56:22 -0400
diff --git a/iptables.pkg/control b/iptables.pkg/control
index 0a7bde7..cd1dc51 100644
--- a/iptables.pkg/control
+++ b/iptables.pkg/control
@@ -1,5 +1,9 @@
 Architecture: any-linux-any
 Platform: all
 Depends: iptables-common (>= ${Source-Version}), libxtables.10, libiptc.0
+# busybox provided /etc/init.d/iptables from version 1.21.1-9 to version
+# 1.21.1-11, so we need to declare a conflict with those versions of busybox.
+Replaces: busybox (<< 1.21.1-12)
+Conflicts: busybox (<< 1.21.1-12)
 Description: iptables binary tools
 The iptables tools are used to manipulate kernel firewall tables.
diff --git a/iptables.pkg/files b/iptables.pkg/files
index ec51757..b5e149b 100644
--- a/iptables.pkg/files
+++ b/iptables.pkg/files
@@ -1,2 +1,3 @@
 /usr/bin
 /usr/sbin
+/etc/init.d/iptables
diff --git a/iptables.pkg/iptables.init b/iptables.pkg/iptables.init
new file mode 100644
index 0000000..31a9311
--- /dev/null
+++ b/iptables.pkg/iptables.init
@@ -0,0 +1,38 @@
+#!/bin/sh /etc/rc.common
+
+START='25'
+STOP='75'
+
+start()
+{
+ [ -r /etc/iptables ] || return 0
+
+ log 'Loading iptables rules'
+
+ /bin/sh /etc/iptables
+}
+
+stop()
+{
+ local table=
+ local chains=
+ local chain=
+
+ [ -r /etc/iptables ] || return 0
+
+ log 'Flushing iptables rules'
+
+ # For each table (raw, nat, mangle, filter, etc.):
+ for table in $(cat /proc/net/ip_tables_names); do
+ # Flush all the rules in all the chains and delete all the
+ # user-defined chains.
+ /usr/sbin/iptables -t "${table}" -F
+ /usr/sbin/iptables -t "${table}" -X
+ chains="$(/usr/sbin/iptables -t "${table}" -L -n | \
+ sed -n 's/^Chain \([^ ]*\).*$/\1/p')"
+ for chain in ${chains}; do
+ # Set the chain's policy to the "ACCEPT" target.
+ iptables -t "${table}" -P "${chain}" ACCEPT
+ done
+ done
+}
diff --git a/iptables.pkg/postinst b/iptables.pkg/postinst
new file mode 100644
index 0000000..c120f92
--- /dev/null
+++ b/iptables.pkg/postinst
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ "x${1}" = 'xconfigure' ]; then
+ /etc/init.d/iptables enable
+fi
diff --git a/iptables.pkg/prerm b/iptables.pkg/prerm
new file mode 100644
index 0000000..231d281
--- /dev/null
+++ b/iptables.pkg/prerm
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ "x${1}" = 'xremove' ]; then
+ /etc/init.d/iptables disable
+fi |
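Review bot: In `stop()` of iptables.init the policy reset calls bare `iptables` while every other call uses `/usr/sbin/iptables`, so if the init environment's PATH lacks /usr/sbin the chains are flushed but a DROP policy is never reset; the line should read `/usr/sbin/iptables -t "${table}" -P "${chain}" ACCEPT`. `start()` runs `/etc/iptables` through `/bin/sh` (presumably as root) after checking only that the file is readable, so a header comment should state that the file must be root-owned and not group- or world-writable, or the guard could test that before executing it. The exit status of that script is also the only failure signal: a rule set that aborts partway leaves a partially loaded firewall, and after a `stop` the policies are ACCEPT, so logging an error on non-zero status would help operators notice. Both functions are complete within this hunk.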