main/iptables: optionally enable/disable forwarding in init script

1 files changed, 15 insertions, 2 deletions

diff --git a/main/iptables/iptables.initd b/main/iptables/iptables.initd
index f7a601563..3de25229d 100644
--- a/main/iptables/iptables.initd
+++ b/main/iptables/iptables.initd
@@ -14,13 +14,16 @@ fi
 iptables_bin="/sbin/${iptables_name}"
 case ${iptables_name} in
 	iptables)  iptables_proc="/proc/net/ip_tables_names"
-	           iptables_save=${IPTABLES_SAVE};;
+	           iptables_save=${IPTABLES_SAVE}
+		   sysctl_ipfwd=net.ipv4.ip_forward;;
 	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
-	           iptables_save=${IP6TABLES_SAVE};;
+	           iptables_save=${IP6TABLES_SAVE}
+		   sysctl_ipfwd=net.ipv6.conf.all.forwarding;;
 esac
 
 depend() {
 	before net
+	after sysctl
 	use logger
 	provide firewall
 }
@@ -61,9 +64,19 @@ start() {
 	ebegin "Loading ${iptables_name} state and starting firewall"
 	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
 	eend $?
+	if [ "${IPFORWARD}" = yes ]; then
+		ebegin "Enabling forwarding"
+		/sbin/sysctl -w ${sysctl_ipfwd}=1 > /dev/null
+		eend $?
+	fi
 }
 
 stop() {
+	if [ "${IPFORWARD}" = yes ]; then
+		ebegin "Disabling forwarding"
+		/sbin/sysctl -w ${sysctl_ipfwd}=0 > /dev/null
+		eend $?
+	fi
 	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
 		save || return 1
 	fi