Diffstat (limited to 'main/nftables/nftables.initd')
-rw-r--r--main/nftables/nftables.initd23
1 files changed, 22 insertions, 1 deletions
diff --git a/main/nftables/nftables.initd b/main/nftables/nftables.initd
index 6035d1a7bc..56d31c3bba 100644
--- a/main/nftables/nftables.initd
+++ b/main/nftables/nftables.initd
@@ -16,9 +16,11 @@ description_reload="Clear current rulesets and load rulesets from the saved rule
: ${rules_file:=${NFTABLES_SAVE:="/var/lib/nftables/rules-save"}}
: ${save_options:=${SAVE_OPTIONS:="-n"}}
: ${save_on_stop:=${SAVE_ON_STOP:="yes"}}
+: ${enable_forwarding:="no"}
depend() {
need localmount
+ after sysctl
before net
provide firewall
}
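Review bot: The new `enable_forwarding` setting and the `after sysctl` dependency are both undocumented, and each changes the host's routing posture. Above the default I would add `# yes: enable IPv4/IPv6 forwarding after the ruleset is loaded, and disable it again on stop`. Next to `after sysctl` I would add a comment along the lines of `# run after sysctl so it does not overwrite the forwarding values set in start()`, assuming that is the intent, which the hunk does not state. If the service ships a conf.d file, the option should be described there as well.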
@@ -74,7 +76,13 @@ start() {
ebegin "Loading nftables state and starting firewall"
nft -f "$rules_file"
- eend $?
+ eend $? || return 1
+
+ if yesno "$ip_forward"; then
+ ebegin "Enabling forwarding"
+ forwarding 1
+ eend $? || return 1
+ fi
}
stop() {
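Review bot: The added test in start() reads `$ip_forward`, while the default declared in the first hunk and the check in stop() both use `$enable_forwarding`. With only `enable_forwarding="yes"` set, forwarding is never switched on at start but is still switched off at stop. The condition should be `if yesno "$enable_forwarding"; then`. The start of start() lies outside this hunk.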
@@ -82,6 +90,12 @@ stop() {
save || return 1
fi
+ if yesno "$enable_forwarding"; then
+ ebegin "Disabling forwarding"
+ forwarding 0
+ eend $?
+ fi
+
ebegin "Stopping firewall"
nft flush ruleset
eend $?
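Review bot: The result of `forwarding 0` is dropped by the bare `eend $?`, so `nft flush ruleset` still runs when forwarding could not be turned off, and the host would then route with an empty ruleset. start() uses `eend $? || return 1` for the matching step; the same here would keep the rules in place on failure, though whether stop should abort is a call for the maintainers. stop() also forces forwarding to 0 even if it was already enabled before this service started (for example by sysctl.conf), which deserves a comment. stop() begins and continues outside this hunk.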
@@ -104,3 +118,10 @@ checkkernel() {
fi
return 0
}
+
+forwarding() {
+ /sbin/sysctl -qw \
+ net.ipv4.ip_forward=$1 \
+ net.ipv6.conf.default.forwarding=$1 \
+ net.ipv6.conf.all.forwarding=$1
+}
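Review bot: `forwarding()` expands `$1` unquoted and unchecked into three sysctl assignments, and it has no comment stating that the argument must be 0 or 1. Quoting each assignment, e.g. `"net.ipv4.ip_forward=$1"`, and adding `# Set IPv4 and IPv6 forwarding to $1 (0 = off, 1 = on)` would make the contract explicit. On a kernel without IPv6 the `net.ipv6.*` keys are presumably absent, so sysctl would return non-zero and start() would report failure after the ruleset has already loaded. Adding `-e` to ignore unknown keys, or splitting the IPv4 and IPv6 writes, would avoid that.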