From 2eda762379f060d2fadc7bcf89ad7626fac14921 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Thu, 23 Feb 2012 13:10:52 +0000
Subject: main/iptables: optionally enable/disable forwarding in init script
---
 main/iptables/iptables.initd | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
(limited to 'main/iptables/iptables.initd')
diff --git a/main/iptables/iptables.initd b/main/iptables/iptables.initd
index f7a6015634..3de25229d4 100644
--- a/main/iptables/iptables.initd
+++ b/main/iptables/iptables.initd
@@ -14,13 +14,16 @@ fi
 iptables_bin="/sbin/${iptables_name}"
 case ${iptables_name} in
 iptables) iptables_proc="/proc/net/ip_tables_names"
- iptables_save=${IPTABLES_SAVE};;
+ iptables_save=${IPTABLES_SAVE}
+ sysctl_ipfwd=net.ipv4.ip_forward;;
 ip6tables) iptables_proc="/proc/net/ip6_tables_names"
- iptables_save=${IP6TABLES_SAVE};;
+ iptables_save=${IP6TABLES_SAVE}
+ sysctl_ipfwd=net.ipv6.conf.all.forwarding;;
 esac
 
 depend() {
 before net
+ after sysctl
 use logger
 provide firewall
 }
@@ -61,9 +64,19 @@ start() {
 ebegin "Loading ${iptables_name} state and starting firewall"
 ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
 eend $?
+ if [ "${IPFORWARD}" = yes ]; then
+ ebegin "Enabling forwarding"
+ /sbin/sysctl -w ${sysctl_ipfwd}=1 > /dev/null
+ eend $?
+ fi
 }
 
 stop() {
+ if [ "${IPFORWARD}" = yes ]; then
+ ebegin "Disabling forwarding"
+ /sbin/sysctl -w ${sysctl_ipfwd}=0 > /dev/null
+ eend $?
+ fi
 if [ "${SAVE_ON_STOP}" = "yes" ] ; then
 save || return 1
 fi
-- 
cgit v1.2.3
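Review bot: The two new `sysctl_ipfwd=` assignments in the `case ${iptables_name}` arms have no comment saying that these are host-wide switches, and that the init script, rather than sysctl.conf, owns them once IPFORWARD=yes. I would add one line above the `case`, for example `# sysctl_ipfwd: global forwarding knob that start()/stop() set to 1/0 when IPFORWARD=yes`. The added `after sysctl` in depend() only makes sense with that ownership in mind, since it makes this script's value the later write when both services start. It may also be worth noting there that `net.ipv6.conf.all.forwarding` covers every interface, and that on Linux enabling it usually changes how router advertisements are accepted; that should be confirmed for the target kernel.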
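Review bot: In start(), the new `if [ "${IPFORWARD}" = yes ]` block is now the last statement, so the function's exit status no longer reflects `${iptables_bin}-restore`. With IPFORWARD unset the `if` evaluates to 0 and a failed restore is reported as a successful start. With IPFORWARD=yes forwarding is switched on even though the ruleset did not load, so the host routes packets without its filter rules. Fail closed by stopping before the sysctl is touched: replace the bare `eend $?` after the restore with `eend $? || return 1`. In stop(), a failed `sysctl -w ${sysctl_ipfwd}=0` is only reported by `eend` and the function carries on, which leaves forwarding enabled while the rules are torn down, so consider `eend $? || return 1` there as well. start() begins above this hunk and stop() continues below it.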