author | Thomas Liske <thomas@fiasko-nw.net> | 2020-03-10 17:57:01 +0100 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-11 02:07:50 -0300 |
commit | b9609f85147a273521fd55c1b95a5a790839806e (patch) | |
tree | 928f93070345264315597a2a9328f991899b7a2c /main/iptables | |
parent | a8ac91920fa024a143080a4fabcf7ad3ae4c1b54 (diff) | |
main/iptables: restore lost init.d script for ebtables
Diffstat (limited to 'main/iptables')
-rw-r--r-- | main/iptables/APKBUILD | 10 | ||||
-rw-r--r-- | main/iptables/ebtables.confd | 15 | ||||
-rw-r--r-- | main/iptables/ebtables.initd | 98 |
3 files changed, 121 insertions, 2 deletions
diff --git a/main/iptables/APKBUILD b/main/iptables/APKBUILD index 83d58da7ff..b11113b82f 100644 --- a/main/iptables/APKBUILD +++ b/main/iptables/APKBUILD @@ -2,7 +2,7 @@ pkgname=iptables pkgver=1.8.4 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel firewall, NAT and packet mangling tools" url="https://www.netfilter.org/projects/iptables/index.html" arch="all" @@ -16,6 +16,8 @@ source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.b iptables.initd iptables.confd ip6tables.confd + ebtables.initd + ebtables.confd " prepare() { @@ -60,6 +62,8 @@ package() { install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/iptables install -D -m644 "$srcdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables + install -D -m755 "$srcdir"/ebtables.initd "$pkgdir"/etc/init.d/ebtables + install -D -m644 "$srcdir"/ebtables.confd "$pkgdir"/etc/conf.d/ebtables } ip6tables() { @@ -84,4 +88,6 @@ ip6tables_openrc() { sha512sums="a7faaab58608ffaa51e26e8056551c0e91a49187439d30fcf5cce2800274cc3c0515db6cfba0f4c85613fb80779cf96089b8915db0e89161e9980a6384faebdb iptables-1.8.4.tar.bz2 059b3bd8dd7dec60060ec5eb1e639fe8203207629f3a7dd4fdbe5ebca3f7e9b80df5592ebb27542e31830fd15a53cffac5772567053c104dfccf9b78613a31a1 iptables.initd cb7fecd5cab2c78bd3f215a41f39ec11c37eb360efbe83982378a0e647e0aa9dc0b7ec915a5b5081aa2f7747464787e69404aa15ba15a063c32cb8fb7dd13d1e iptables.confd -0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd" +0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd +c8fccc96610ddc24a3a0c7c2c9f2460b87e582424e338beeb20d77726b27324f89906ef853680e62912ed3544c967469870d78aa6e39de11efda072dd8a4a836 ebtables.initd +b24afd1f5c2f200a1eec6ed7fd63500237dc168bfb9cc1297ffc288d12d30224a1ee84a7f61663daf408c42457dd7deac7594a23e448218806798294e9a1018d ebtables.confd" 
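Review bot: Nothing in the visible part of package() creates /var/lib/ebtables, the directory that the default `EBTABLES_SAVE="/var/lib/ebtables/rules-save"` in ebtables.confd points into, so `/etc/init.d/ebtables save` would fail at its `touch` on a fresh install unless the directory is created elsewhere. package() starts and ends outside the hunk, so this may already be handled. If it is not, add `install -d -m700 "$pkgdir"/var/lib/ebtables` next to the two new install lines so the saved ruleset lives in a root-only directory.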
diff --git a/main/iptables/ebtables.confd b/main/iptables/ebtables.confd
new file mode 100644
index 0000000000..db46ffb587
--- /dev/null
+++ b/main/iptables/ebtables.confd
@@ -0,0 +1,15 @@
+# /etc/conf.d/ebtables
+
+# Location in which ebtables initscript will save set rules on
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+
+# Options to pass to ebtables-save and ebtables-restore
+SAVE_RESTORE_OPTIONS=""
+
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
+
+# Tables to be saved and restored. If you have built ebtables as modules, you
+# may leave it blank. Otherwise, you MUST define which to control.
+TABLE_NAMES="filter nat broute"
diff --git a/main/iptables/ebtables.initd b/main/iptables/ebtables.initd
new file mode 100644
index 0000000000..c3e8ba92cb
--- /dev/null
+++ b/main/iptables/ebtables.initd
@@ -0,0 +1,98 @@
+#!/sbin/openrc-run
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd,v 1.2 2007/09/28 19:22:14 pva Exp $
+
+extra_commands="save reload"
+extra_started_commands="panic"
+
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+ebtables_tables=$(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//)
+if [ "$ebtables_tables" == "" ] ; then
+ ebtables_tables=${TABLE_NAMES}
+fi
+
+depend() {
+ before net
+ use logger
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ broute) chains="BROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${ebtables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkconfig() {
+ if [ ! -f ${ebtables_save} ] ; then
+ eerror "Not starting ebtables. First create some rules then run:"
+ eerror "/etc/init.d/ebtables save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ebtables state and starting bridge firewall"
+ ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ ebegin "Stopping bridge firewall"
+ local a
+ for a in ${ebtables_tables}; do
+ set_table_policy $a ACCEPT
+
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing bridge firewall"
+ local a
+ for a in ${ebtables_tables}; do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ebtables state"
+ touch "${ebtables_save}"
+ chmod 0600 "${ebtables_save}"
+ ${ebtables_bin}-save ${ebtables_tables} ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
+ eend $?
+}
+
+panic() {
+ service_started ebtables && svc_stop
+
+ local a
+ ebegin "Dropping all packets forwarded on bridges"
+ for a in ${ebtables_tables}; do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+
+ set_table_policy $a DROP
+ done
+ eend $?
+} |
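Review bot: save() redirects ebtables-save straight onto "${ebtables_save}", so a failing or interrupted save leaves a truncated rules file that checkconfig still accepts with `-f`, and the next start() would then restore an empty or partial ruleset. Writing to a temporary file in the same directory and renaming it only on success keeps the last good state and replaces the touch/chmod sequence, since mktemp creates the file with mode 0600. Separately, in stop(), reload() and panic() the `eend $?` after the loop only sees the status of the last command of the last iteration, so panic() can report success while an earlier table was never switched to DROP. Accumulating a return code inside each loop and passing that to eend would surface those failures.

```shell
save() {
	ebegin "Saving ebtables state"
	local tmp
	# mktemp creates the file with mode 0600 next to the target, so mv is a same-filesystem rename
	tmp=$(mktemp "${ebtables_save}.XXXXXX") || { eend 1; return 1; }
	if ${ebtables_bin}-save ${ebtables_tables} ${SAVE_RESTORE_OPTIONS} > "${tmp}" ; then
		mv -f "${tmp}" "${ebtables_save}"
	else
		# keep the previous rules file untouched when the dump fails
		rm -f "${tmp}"
		false
	fi
	eend $?
}
```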