Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=9569a87be6376d2ef4d5fc86aaa40ab40825d90e
commit 9569a87be6376d2ef4d5fc86aaa40ab40825d90e Author: Miklos Vajna <vmik...@frugalware.org> Date: Thu Oct 20 00:33:21 2011 +0200 iptables-1.4.12.1-2-i686 - add native systemd unit diff --git a/source/network/iptables/FrugalBuild b/source/network/iptables/FrugalBuild index 0006e45..dd91c11 100644 --- a/source/network/iptables/FrugalBuild +++ b/source/network/iptables/FrugalBuild @@ -4,7 +4,7 @@ pkgname=iptables pkgver=1.4.12.1 -pkgrel=1 +pkgrel=2 pkgdesc="IP packet filter administration" url="http://www.iptables.org/" depends=('glibc') @@ -13,8 +13,8 @@ archs=('i686' 'x86_64' 'ppc' 'arm') backup=(etc/sysconfig/{firewall,iptables}) up2date="lynx -dump http://www.iptables.org/projects/iptables/downloads.html|grep bz2$|sed 's/.*-\(.*\)\.t.*/\1/;q'" source=(ftp://ftp.netfilter.org/pub/iptables/iptables-$pkgver.tar.bz2 \ - rc.firewall rc.firewall-hu.po iptables firewall) -signatures=($source.sig '' '' '' '') + rc.firewall rc.firewall-hu.po iptables firewall firewall.libexec firewall.service) +signatures=($source.sig '' '' '' '' '' '') # As you can see, the /etc/sysconfig/firewall file was generated by # iptables-save. I used the following commands before using iptables-save: @@ -30,6 +30,8 @@ build() Ffile /etc/sysconfig/iptables Finstall 600 /etc/sysconfig/firewall Frcd2 firewall + Fexe firewall.libexec /usr/libexec/firewall + Ffile /lib/systemd/system/firewall.service } # optimization OK diff --git a/source/network/iptables/firewall.libexec b/source/network/iptables/firewall.libexec new file mode 100644 index 0000000..4d5c1cf --- /dev/null +++ b/source/network/iptables/firewall.libexec @@ -0,0 +1,19 @@ +#!/bin/bash + +if [ "$1" == "start" ]; then + if [ -e /etc/sysconfig/iptables ]; then + source /etc/sysconfig/iptables + if (( $forward == 1 )) ; then + echo 1 > /proc/sys/net/ipv4/ip_forward + fi + fi + if [ -e /etc/sysconfig/firewall ]; then + /usr/sbin/iptables-restore < /etc/sysconfig/firewall + fi +elif [ "$2" == "stop" ]; then + echo 0 > /proc/sys/net/ipv4/ip_forward + iptables -F && \ + iptables -P INPUT ACCEPT && \ + iptables -P FORWARD ACCEPT && \ + iptables -P OUTPUT ACCEPT +fi diff --git a/source/network/iptables/firewall.service b/source/network/iptables/firewall.service new file mode 100644 index 0000000..d2833ff --- /dev/null +++ b/source/network/iptables/firewall.service @@ -0,0 +1,11 @@ +[Unit] +Description=IPv4 firewall with iptables + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/firewall start +ExecStop=/usr/libexec/firewall stop + +[Install] +WantedBy=multi-user.target diff --git a/source/network/iptables/iptables.install b/source/network/iptables/iptables.install index d568a69..9687e55 100644 --- a/source/network/iptables/iptables.install +++ b/source/network/iptables/iptables.install @@ -2,11 +2,25 @@ post_install() { chkconfig --add rc.firewall + mkdir -p /etc/systemd/system/multi-user.target.wants + ln -s /lib/systemd/system/firewall.service /etc/systemd/system/multi-user.target.wants/ +} + +post_upgrade() +{ + systemctl daemon-reload >/dev/null 2>&1 + # this can be removed after Frugalware-1.6 + if [ `vercmp $2 1.4.12.1-2` -lt 0 ] ; then + if chkconfig rc.firewall; then + post_install + fi + fi } # arg 1: the old package version post_remove() { + rm -f /etc/systemd/system/multi-user.target.wants/firewall.service chkconfig --del rc.firewall } _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git