author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-02-23 13:10:52 +0000 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-02-23 13:10:52 +0000 |
commit | 2eda762379f060d2fadc7bcf89ad7626fac14921 (patch) | |
tree | 3b19e50a298f5ff48f4097cdd5a4bdcd3a7e4119 /main | |
parent | 836801afd6326a30b061fbae7dd0469a9a46049f (diff) | |
main/iptables: optionally enable/disable forwarding in init script
Diffstat (limited to 'main')
-rw-r--r-- | main/iptables/APKBUILD | 6 | ||||
-rw-r--r-- | main/iptables/ip6tables.confd | 3 | ||||
-rw-r--r-- | main/iptables/iptables.confd | 3 | ||||
-rw-r--r-- | main/iptables/iptables.initd | 17 |
4 files changed, 24 insertions, 5 deletions
diff --git a/main/iptables/APKBUILD b/main/iptables/APKBUILD index 72cca9ca70..52278757ac 100644 --- a/main/iptables/APKBUILD +++ b/main/iptables/APKBUILD @@ -80,6 +80,6 @@ ip6tables() { md5sums="212112389c7f10c72efb31a4ed193a4c iptables-1.4.12.2.tar.bz2 ec3e80a1b0ea3e13e4e60824b7ebd1b9 iptables-1.4.2-include-in.patch -d67d7e544c8af8cff63e8c89dbc96eb5 iptables.initd -2ae5c23689c65ed7e827802c47acd426 iptables.confd -b9e4eb7e6ee2cd3e76de27379e43834e ip6tables.confd" +a2801a7226d5f054ca5611cf8a9cc419 iptables.initd +c91286c54f8fe0de6ed8950f375cb7a5 iptables.confd +d3f37ebc2cd3fbfc326c3a8df5a79e11 ip6tables.confd" diff --git a/main/iptables/ip6tables.confd b/main/iptables/ip6tables.confd index 57241f2239..1fa63f33a6 100644 --- a/main/iptables/ip6tables.confd +++ b/main/iptables/ip6tables.confd @@ -9,3 +9,6 @@ SAVE_RESTORE_OPTIONS="-c" # Save state on stopping iptables SAVE_ON_STOP="yes" + +# Enable/disable IPv6 forwarding with the rules +IPFORWARD="no" diff --git a/main/iptables/iptables.confd b/main/iptables/iptables.confd index 270c8d4cb5..c9e5a685ce 100644 --- a/main/iptables/iptables.confd +++ b/main/iptables/iptables.confd @@ -9,3 +9,6 @@ SAVE_RESTORE_OPTIONS="-c" # Save state on stopping iptables SAVE_ON_STOP="yes" + +# Enable/disable IPv4 forwarding with the rules +IPFORWARD="no" diff --git a/main/iptables/iptables.initd b/main/iptables/iptables.initd index f7a6015634..3de25229d4 100644 --- a/main/iptables/iptables.initd +++ b/main/iptables/iptables.initd @@ -14,13 +14,16 @@ fi iptables_bin="/sbin/${iptables_name}" case ${iptables_name} in iptables) iptables_proc="/proc/net/ip_tables_names" - iptables_save=${IPTABLES_SAVE};; + iptables_save=${IPTABLES_SAVE} + sysctl_ipfwd=net.ipv4.ip_forward;; ip6tables) iptables_proc="/proc/net/ip6_tables_names" - iptables_save=${IP6TABLES_SAVE};; + iptables_save=${IP6TABLES_SAVE} + sysctl_ipfwd=net.ipv6.conf.all.forwarding;; esac depend() { before net + after sysctl use logger provide firewall } 
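Review bot: The comment added in the ip6tables.confd hunk, `# Enable/disable IPv6 forwarding with the rules`, does not say what `IPFORWARD="no"` actually does, and the iptables.confd hunk has the same gap for IPv4. In iptables.initd the sysctl is written only when the value is exactly `yes`, so `no` leaves forwarding at whatever the sysctl service or the administrator set; it does not turn forwarding off. I would word it as `# Set to "yes" to enable IPv6 forwarding on start and disable it on stop; any other value leaves the sysctl untouched`. For the IPv6 file it is also worth one line noting that setting net.ipv6.conf.all.forwarding to 1 makes the kernel stop accepting router advertisements unless accept_ra is set to 2.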
@@ -61,9 +64,19 @@ start() { ebegin "Loading ${iptables_name} state and starting firewall" ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" eend $? + if [ "${IPFORWARD}" = yes ]; then + ebegin "Enabling forwarding" + /sbin/sysctl -w ${sysctl_ipfwd}=1 > /dev/null + eend $? + fi } stop() { + if [ "${IPFORWARD}" = yes ]; then + ebegin "Disabling forwarding" + /sbin/sysctl -w ${sysctl_ipfwd}=0 > /dev/null + eend $? + fi if [ "${SAVE_ON_STOP}" = "yes" ] ; then save || return 1 fi |
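Review bot: In start(), the new `if [ "${IPFORWARD}" = yes ]` block is now the last command of the function, so with the default `IPFORWARD="no"` start() returns 0 even when `${iptables_bin}-restore` failed, and the service would be reported as started. With `IPFORWARD="yes"` a failed restore is still followed by `sysctl -w ${sysctl_ipfwd}=1`, so the host begins forwarding with whatever ruleset happens to be in the kernel. Changing the line after the restore to `eend $? || return 1` keeps the failure status and skips the forwarding step. The beginning of start() and the rest of stop() are outside this hunk, so any earlier checks are not visible here. Quoting the argument as `"${sysctl_ipfwd}=1"` would also be tidier.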