-rw-r--r-- | main/iptables/APKBUILD | 6 | ||||
-rw-r--r-- | main/iptables/ip6tables.confd | 3 | ||||
-rw-r--r-- | main/iptables/iptables.confd | 3 | ||||
-rw-r--r-- | main/iptables/iptables.initd | 17 |
4 files changed, 24 insertions, 5 deletions
diff --git a/main/iptables/APKBUILD b/main/iptables/APKBUILD index 72cca9ca7..52278757a 100644 --- a/main/iptables/APKBUILD +++ b/main/iptables/APKBUILD @@ -80,6 +80,6 @@ ip6tables() { md5sums="212112389c7f10c72efb31a4ed193a4c iptables-1.4.12.2.tar.bz2 ec3e80a1b0ea3e13e4e60824b7ebd1b9 iptables-1.4.2-include-in.patch -d67d7e544c8af8cff63e8c89dbc96eb5 iptables.initd -2ae5c23689c65ed7e827802c47acd426 iptables.confd -b9e4eb7e6ee2cd3e76de27379e43834e ip6tables.confd" +a2801a7226d5f054ca5611cf8a9cc419 iptables.initd +c91286c54f8fe0de6ed8950f375cb7a5 iptables.confd +d3f37ebc2cd3fbfc326c3a8df5a79e11 ip6tables.confd" diff --git a/main/iptables/ip6tables.confd b/main/iptables/ip6tables.confd index 57241f223..1fa63f33a 100644 --- a/main/iptables/ip6tables.confd +++ b/main/iptables/ip6tables.confd @@ -9,3 +9,6 @@ SAVE_RESTORE_OPTIONS="-c" # Save state on stopping iptables SAVE_ON_STOP="yes" + +# Enable/disable IPv6 forwarding with the rules +IPFORWARD="no" diff --git a/main/iptables/iptables.confd b/main/iptables/iptables.confd index 270c8d4cb..c9e5a685c 100644 --- a/main/iptables/iptables.confd +++ b/main/iptables/iptables.confd @@ -9,3 +9,6 @@ SAVE_RESTORE_OPTIONS="-c" # Save state on stopping iptables SAVE_ON_STOP="yes" + +# Enable/disable IPv4 forwarding with the rules +IPFORWARD="no" diff --git a/main/iptables/iptables.initd b/main/iptables/iptables.initd index f7a601563..3de25229d 100644 --- a/main/iptables/iptables.initd +++ b/main/iptables/iptables.initd @@ -14,13 +14,16 @@ fi iptables_bin="/sbin/${iptables_name}" case ${iptables_name} in iptables) iptables_proc="/proc/net/ip_tables_names" - iptables_save=${IPTABLES_SAVE};; + iptables_save=${IPTABLES_SAVE} + sysctl_ipfwd=net.ipv4.ip_forward;; ip6tables) iptables_proc="/proc/net/ip6_tables_names" - iptables_save=${IP6TABLES_SAVE};; + iptables_save=${IP6TABLES_SAVE} + sysctl_ipfwd=net.ipv6.conf.all.forwarding;; esac depend() { before net + after sysctl use logger provide firewall } 
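Review bot: The new conf.d comment `# Enable/disable IPv4 forwarding with the rules` (and its IPv6 twin in ip6tables.confd) does not say what `IPFORWARD="no"` actually does. Going by the iptables.initd hunks in this commit, the script only touches the sysctl when the value is `yes`, writing 1 in start() and 0 in stop(). So `no` does not turn forwarding off, and `yes` switches it off on every stop, even if it was enabled by other means. I would spell that out, e.g. `# "yes": set net.ipv4.ip_forward=1 on start and =0 on stop; "no": leave the sysctl untouched`, with `net.ipv6.conf.all.forwarding` named in the ip6tables file.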
@@ -61,9 +64,19 @@ start() { ebegin "Loading ${iptables_name} state and starting firewall" ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" eend $? + if [ "${IPFORWARD}" = yes ]; then + ebegin "Enabling forwarding" + /sbin/sysctl -w ${sysctl_ipfwd}=1 > /dev/null + eend $? + fi } stop() { + if [ "${IPFORWARD}" = yes ]; then + ebegin "Disabling forwarding" + /sbin/sysctl -w ${sysctl_ipfwd}=0 > /dev/null + eend $? + fi if [ "${SAVE_ON_STOP}" = "yes" ] ; then save || return 1 fi |
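Review bot: In start(), a failed `${iptables_bin}-restore` no longer fails the service. The `eend $?` after the restore used to be the function's last command; now the `if [ "${IPFORWARD}" = yes ]` block follows it, so start() returns 0 when IPFORWARD is not `yes` and the sysctl result when it is. With IPFORWARD=yes, forwarding is also switched on after a failed restore, so the host may start routing without the intended ruleset loaded. Changing the restore's status line to `eend $? || return 1` keeps the old failure behaviour and enables forwarding only once the rules are in place. The stop() body continues past the end of the hunk.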