Diffstat (limited to 'main/iptables')
-rw-r--r--main/iptables/APKBUILD19
-rw-r--r--main/iptables/ip6tables.confd5
-rw-r--r--main/iptables/iptables.confd3
-rw-r--r--main/iptables/iptables.initd21
4 files changed, 35 insertions, 13 deletions
diff --git a/main/iptables/APKBUILD b/main/iptables/APKBUILD
index 360dbd483..6ec37c0e9 100644
--- a/main/iptables/APKBUILD
+++ b/main/iptables/APKBUILD
@@ -2,7 +2,7 @@
pkgname=iptables
pkgver=1.4.12.2
-pkgrel=1
+pkgrel=3
pkgdesc="Linux kernel firewall, NAT and packet mangling tools"
url="http://www.iptables.org/"
arch="all"
@@ -25,6 +25,8 @@ prepare() {
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
+ sed -i -e '/if_packet/i#define __aligned_u64 __u64 __attribute__((aligned(8)))' \
+ extensions/libxt_pkttype.c || return 1
}
build() {
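Review bot: The `|| return 1` on the new sed in prepare() catches only a sed error, not a missed match. `sed -i` exits 0 when no line contains `if_packet`, so if the source file changes, the `__aligned_u64` define is silently not inserted. Follow the sed with a check such as `grep -q __aligned_u64 extensions/libxt_pkttype.c || return 1`. A one-line comment above the sed naming the header that needs the define (presumably the `if_packet` include) would tell the next maintainer when the workaround can be dropped. prepare() starts outside this hunk.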
@@ -58,25 +60,26 @@ package() {
install -m644 libiptc/libiptc.a "$pkgdir"/usr/lib
install -m755 "$startdir"/iptables.initd "$pkgdir"/etc/init.d/iptables
install -m644 "$startdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables
- install -m644 "$startdir"/ip6tables.confd "$pkgdir"/etc/conf.d/ip6tables
}
ip6tables() {
depends="iptables"
mkdir -p "$subpkgdir"/sbin \
"$subpkgdir"/etc/init.d/ \
+ "$subpkgdir"/etc/conf.d \
"$subpkgdir"/var/lib/ip6tables \
- "$subpkgdir"/usr/libexec/xtables
+ "$subpkgdir"/usr/lib/xtables
mv "$pkgdir"/sbin/ip6* "$subpkgdir"/sbin/
- mv "$pkgdir"/usr/libexec/xtables/libip6* \
- "$subpkgdir"/usr/libexec/xtables/
+ mv "$pkgdir"/usr/lib/xtables/libip6* \
+ "$subpkgdir"/usr/lib/xtables/
install -m755 "$startdir"/iptables.initd \
"$subpkgdir"/etc/init.d/ip6tables
+ install -m644 "$startdir"/ip6tables.confd "$subpkgdir"/etc/conf.d/ip6tables
}
md5sums="212112389c7f10c72efb31a4ed193a4c iptables-1.4.12.2.tar.bz2
ec3e80a1b0ea3e13e4e60824b7ebd1b9 iptables-1.4.2-include-in.patch
-375c4431c6c7a67da28ef9c470fc7e47 iptables.initd
-2ae5c23689c65ed7e827802c47acd426 iptables.confd
-91933090bd9d493c91dcffc0221def61 ip6tables.confd"
+f73fb9a0b9fe42a19d1109b415d86c9c iptables.initd
+c91286c54f8fe0de6ed8950f375cb7a5 iptables.confd
+d3f37ebc2cd3fbfc326c3a8df5a79e11 ip6tables.confd"
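Review bot: ip6tables() still creates `"$subpkgdir"/var/lib/ip6tables`, although this commit moves the default IP6TABLES_SAVE in ip6tables.confd to `/etc/iptables/rules6-save`. Nothing in the hunk creates `/etc/iptables` for the subpackage. If the main package's package() creates that directory (it is outside this hunk), `depends="iptables"` covers it. Otherwise add `"$subpkgdir"/etc/iptables \` to the mkdir list so the save done on stop has somewhere to write. If the old state directory is no longer used, drop it from the list or note why it is kept.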
diff --git a/main/iptables/ip6tables.confd b/main/iptables/ip6tables.confd
index 6a8d94c75..1fa63f33a 100644
--- a/main/iptables/ip6tables.confd
+++ b/main/iptables/ip6tables.confd
@@ -2,10 +2,13 @@
# Location in which ip6tables initscript will save set rules on
# service shutdown
-IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+IP6TABLES_SAVE="/etc/iptables/rules6-save"
# Options to pass to ip6tables-save and ip6tables-restore
SAVE_RESTORE_OPTIONS="-c"
# Save state on stopping iptables
SAVE_ON_STOP="yes"
+
+# Enable/disable IPv6 forwarding with the rules
+IPFORWARD="no"
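Review bot: The new IPFORWARD comment does not say what the init script does with the setting. From iptables.initd in this commit, "yes" writes `net.ipv6.conf.all.forwarding=1` on start and `=0` on stop, which overrides any value set through sysctl.conf. I would spell that out, e.g. `# "yes": set net.ipv6.conf.all.forwarding=1 on start and back to 0 on stop (overrides sysctl.conf)`. It is also worth a line that enabling IPv6 forwarding changes how the kernel treats router advertisements by default, so a host that autoconfigures its address from RAs can lose it. The same wording gap applies to the IPv4 setting added in iptables.confd.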
diff --git a/main/iptables/iptables.confd b/main/iptables/iptables.confd
index 270c8d4cb..c9e5a685c 100644
--- a/main/iptables/iptables.confd
+++ b/main/iptables/iptables.confd
@@ -9,3 +9,6 @@ SAVE_RESTORE_OPTIONS="-c"
# Save state on stopping iptables
SAVE_ON_STOP="yes"
+
+# Enable/disable IPv4 forwarding with the rules
+IPFORWARD="no"
diff --git a/main/iptables/iptables.initd b/main/iptables/iptables.initd
index 6054af6e6..fa10476ce 100644
--- a/main/iptables/iptables.initd
+++ b/main/iptables/iptables.initd
@@ -14,15 +14,18 @@ fi
iptables_bin="/sbin/${iptables_name}"
case ${iptables_name} in
iptables) iptables_proc="/proc/net/ip_tables_names"
- iptables_save=${IPTABLES_SAVE};;
+ iptables_save=${IPTABLES_SAVE}
+ sysctl_ipfwd=net.ipv4.ip_forward;;
ip6tables) iptables_proc="/proc/net/ip6_tables_names"
- iptables_save=${IP6TABLES_SAVE};;
+ iptables_save=${IP6TABLES_SAVE}
+ sysctl_ipfwd=net.ipv6.conf.all.forwarding;;
esac
depend() {
before net
+ after sysctl
use logger
- provides firewall
+ provide firewall
}
set_table_policy() {
@@ -61,10 +64,20 @@ start() {
ebegin "Loading ${iptables_name} state and starting firewall"
${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
eend $?
+ if yesno "${IPFORWARD}"; then
+ ebegin "Enabling forwarding"
+ /sbin/sysctl -w ${sysctl_ipfwd}=1 > /dev/null
+ eend $?
+ fi
}
stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ if yesno "${IPFORWARD}"; then
+ ebegin "Disabling forwarding"
+ /sbin/sysctl -w ${sysctl_ipfwd}=0 > /dev/null
+ eend $?
+ fi
+ if yesno "${SAVE_ON_STOP}"; then
save || return 1
fi
checkkernel || return 1
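Review bot: In start(), the result of `${iptables_bin}-restore` is passed to `eend $?` but never acted on, so a failed restore still reaches `sysctl -w ${sysctl_ipfwd}=1` and the host starts forwarding with no ruleset loaded. The new `if` is also now the last command in start(), so with IPFORWARD="no" the function returns 0 even when the restore failed, where it previously returned eend's status. Assuming eend returns the value it is given, as OpenRC's does, `eend $? || return 1` before the `if` fixes both. In stop(), the new block writes `${sysctl_ipfwd}=0` without recording the earlier value, so forwarding enabled through sysctl.conf is switched off too; a comment stating that this is intended would help. start() begins before this hunk and stop() continues past it.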