commit 9ec3dc4d5d00befe1b59d557cc4d4e34635816c5
Author: Jan RÄ™korajski <[email protected]>
Date:   Sat Apr 9 21:57:09 2016 +0900

    - added ebtables init scripts

 ebtables-config  |  37 +++++++++++++++
 ebtables.init    | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ebtables.service |  15 ++++++
 iptables.spec    |  20 ++++++--
 4 files changed, 207 insertions(+), 3 deletions(-)
---
diff --git a/iptables.spec b/iptables.spec
index c260d70..e6b1263 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -1,6 +1,5 @@
 #
 # TODO:
-# - include init.d+sysconfig files from ebtables.spec in -init?
 # - update BR to real required llh version
 # - check if kernel-headers are still required to properly build iptabels for 
dist kernel
 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
@@ -47,6 +46,9 @@ Source6:      %{name}-config
 Source7:       %{name6}-config
 Source8:       %{name}.service
 Source9:       %{name6}.service
+Source10:      ebtables.init
+Source11:      ebtables-config
+Source12:      ebtables.service
 # --- GENERAL CHANGES (patches<10):
 Patch0:                %{name}-man.patch
 # additional utils; off by default
@@ -264,6 +266,10 @@ install -p %{SOURCE7} 
$RPM_BUILD_ROOT/etc/sysconfig/%{name6}-config
 install -p %{SOURCE8} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
 install -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdunitdir}/%{name6}.service
 
+install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/ebtables
+install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/sysconfig/ebtables-config
+install -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}/ebtables.service
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -271,16 +277,18 @@ rm -rf $RPM_BUILD_ROOT
 %postun        libs -p /sbin/ldconfig
 
 %post init
+/sbin/chkconfig --add ebtables
 /sbin/chkconfig --add %{name}
 /sbin/chkconfig --add %{name6}
-%systemd_post %{name}.service %{name6}.service
+%systemd_post %{name}.service %{name6}.service ebtables.service
 
 %preun init
 if [ "$1" = "0" ]; then
+       /sbin/chkconfig --del ebtables
        /sbin/chkconfig --del %{name}
        /sbin/chkconfig --del %{name6}
 fi
-%systemd_preun %{name}.service %{name6}.service
+%systemd_preun %{name}.service %{name6}.service ebtables.service
 
 %postun init
 %systemd_reload
@@ -288,6 +296,9 @@ fi
 %triggerpostun init -- %{name}-init < 1.4.13-2
 %systemd_trigger %{name}.service %{name6}.service
 
+%triggerpostun init -- %{name}-init < 1.6.0-1
+%systemd_trigger ebtables.service
+
 %files
 %defattr(644,root,root,755)
 %{?with_doc:%doc 
iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
@@ -500,9 +511,12 @@ fi
 
 %files init
 %defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/ebtables-config
 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}-config
 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name6}-config
+%attr(754,root,root) /etc/rc.d/init.d/ebtables
 %attr(754,root,root) /etc/rc.d/init.d/iptables
 %attr(754,root,root) /etc/rc.d/init.d/ip6tables
+%{systemdunitdir}/ebtables.service
 %{systemdunitdir}/%{name}.service
 %{systemdunitdir}/%{name6}.service
diff --git a/ebtables-config b/ebtables-config
new file mode 100644
index 0000000..855287b
--- /dev/null
+++ b/ebtables-config
@@ -0,0 +1,37 @@
+# Save (and possibly restore) in text format.
+#   Value: yes|no,  default: yes
+# Save the firewall rules in text format to /etc/sysconfig/ebtables
+# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules
+# is done using this text format.
+EBTABLES_TEXT_FORMAT="yes"
+
+# Save (and restore) in binary format.
+#   Value: yes|no,  default: yes
+# Save (and restore) the firewall rules in binary format to (and from)
+# /etc/sysconfig/ebtables.<chain>. Enabling this option will make
+# firewall initialisation a lot faster.
+EBTABLES_BINARY_FORMAT="yes"
+
+# Unload modules on restart and stop
+#   Value: yes|no,  default: yes
+# This option has to be 'yes' to get to a sane state for a firewall
+# restart or stop. Only set to 'no' if there are problems unloading netfilter
+# modules.
+EBTABLES_MODULES_UNLOAD="no"
+
+# Save current firewall rules on stop.
+#   Value: yes|no,  default: no
+# Saves all firewall rules if firewall gets stopped
+# (e.g. on system shutdown).
+EBTABLES_SAVE_ON_STOP="no"
+
+# Save current firewall rules on restart.
+#   Value: yes|no,  default: no
+# Saves all firewall rules if firewall gets restarted.
+EBTABLES_SAVE_ON_RESTART="no"
+
+# Save (and restore) rule counters.
+#   Value: yes|no,  default: no
+# Save rule counters when saving a kernel table to a file. If the
+# rule counters were saved, they will be restored when restoring the table.
+EBTABLES_SAVE_COUNTER="no"
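Review bot: The comment on `EBTABLES_MODULES_UNLOAD` says `default: yes` and that the option has to be 'yes' to reach a sane state on restart or stop, yet the shipped value is `"no"` and the ebtables.init added in this same commit never reads the variable. Either drop the option or correct the comment, e.g. `#   Value: yes|no,  default: no (currently not used by the init script)`. The `EBTABLES_BINARY_FORMAT` comment should also state that with the value `yes` the text file is not used for restore, since that is how start() in ebtables.init behaves.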
diff --git a/ebtables.init b/ebtables.init
new file mode 100755
index 0000000..75bc29a
--- /dev/null
+++ b/ebtables.init
@@ -0,0 +1,138 @@
+#!/bin/sh
+#
+# init script for the Ethernet Bridge filter tables
+#
+# chkconfig: - 15 85
+# description: Ethernet Bridge filtering tables
+#
+# config: /etc/sysconfig/ebtables         (text)
+#         /etc/sysconfig/ebtables.<table> (binary)
+
+EBTABLES_CONFIG=/etc/sysconfig/ebtables
+if [ ! -f $EBTABLES_CONFIG ]; then
+       case "$1" in
+       start|restart|force-reload)
+               exit 0
+       ;;
+       esac
+fi
+
+# Source 'em up
+. /etc/rc.d/init.d/functions
+
+#default configuration
+EBTABLES_TEXT_FORMAT="yes"
+EBTABLES_BINARY_FORMAT="yes"
+EBTABLES_SAVE_ON_STOP="no"
+EBTABLES_SAVE_ON_RESTART="no"
+EBTABLES_SAVE_COUNTER="no"
+
+[ -f /etc/sysconfig/ebtables-config ] && . /etc/sysconfig/ebtables-config
+
+if [ "$1" = "--quiet" ]; then
+       shift
+       show() { return 0; }
+       ok() { return 0; }
+       fail() { return 1; }
+fi
+
+start() {
+       # don't do squat if we don't have the config file
+       if [ -f $EBTABLES_CONFIG ]; then
+               show "Starting Ethernet bridge filtering (ebtables)"
+               if is_yes "$EBTABLES_BINARY_FORMAT"; then
+                       for table in $(ls /etc/sysconfig/ebtables.* 2>/dev/null 
| sed -e 's/.*ebtables\.//' -e '/save/d' ); do
+                               /usr/sbin/ebtables -t $table --atomic-file 
/etc/sysconfig/ebtables.$table --atomic-commit || RETVAL=1
+                       done
+               else
+                       /usr/sbin/ebtables-restore < /etc/sysconfig/ebtables || 
RETVAL=1
+               fi
+
+               if [ $RETVAL -eq 0 ]; then
+                       ok
+                       touch /var/lock/subsys/ebtables
+               else
+                       fail
+               fi
+       fi
+}
+
+stop() {
+       show "Stopping Ethernet bridge filtering (ebtables)"
+       for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ 
]*\).*/\1/'); do
+               /usr/sbin/ebtables -t $table --init-table || RETVAL=1
+       done
+
+       if [ $RETVAL -eq 0 ]; then
+               ok
+               rm -f /var/lock/subsys/ebtables
+       else
+               fail
+       fi
+}
+
+restart() {
+       stop
+       start
+}
+
+save() {
+       show "Saving Ethernet bridge filtering (ebtables)"
+       if is_yes "$EBTABLES_TEXT_FORMAT"; then
+               if [ -e /etc/sysconfig/ebtables ]; then
+                       chmod 0600 /etc/sysconfig/ebtables
+                       mv -f /etc/sysconfig/ebtables 
/etc/sysconfig/ebtables.save
+               fi
+               /usr/sbin/ebtables-save > /etc/sysconfig/ebtables || RETVAL=1
+       fi
+       if is_yes "$EBTABLES_BINARY_FORMAT"; then
+               rm -f /etc/sysconfig/ebtables.*.save
+               for oldtable in $(ls /etc/sysconfif/ebtables.* 2>/dev/null | 
grep -vF 'ebtables.save'); do
+                       chmod 0600 $oldtable
+                       mv -f $oldtable $oldtable.save
+               done
+               for table in $(grep '^ebtable_' /proc/modules | sed -e 
's/ebtable_\([^ ]*\).*/\1/'); do
+                       /usr/sbin/ebtables -t $table --atomic-file 
/etc/sysconfig/ebtables.$table --atomic-save || RETVAL=1
+                       if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
+                               /usr/sbin/ebtables -t $table --atomic-file 
/etc/sysconfig/ebtables.$table -Z || RETVAL=1
+                       fi
+               done
+       fi
+
+       if [ $RETVAL -eq 0 ]; then
+               ok
+       else
+               fail
+       fi
+}
+
+case "$1" in
+  start)
+       start
+       ;;
+  stop)
+       is_yes "$EBTABLES_SAVE_ON_STOP" && save
+       stop
+       ;;
+  restart|reload)
+       is_yes "$EBTABLES_SAVE_ON_RESTART" && save
+       restart
+       ;;
+  condrestart)
+       [ -e /var/lock/subsys/ebtables ] && restart
+       RETVAL=$?
+       ;;
+  save)
+       save
+       ;;
+  status)
+       for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ 
]*\).*/\1/'); do
+               /usr/sbin/ebtables -t $table --list
+       done
+       ;;
+  *)
+       echo $"Usage $0 {start|stop|restart|condrestart|save|status}"
+       RETVAL=1
+esac
+
+exit $RETVAL
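Review bot: `RETVAL` is never initialised in this script, so unless the sourced `/etc/rc.d/init.d/functions` sets it, the `[ $RETVAL -eq 0 ]` tests in start(), stop() and save() run with an empty operand and the final `exit $RETVAL` returns whatever the last command left behind; add `RETVAL=0` before the `--quiet` handling. In save() the backup loop lists `/etc/sysconfif/ebtables.*`, a misspelt path, so existing binary tables are never rotated to `.save`; it should read `/etc/sysconfig/ebtables.*`. The `chmod 0600` calls only touch the old copies being rotated, while the file written by `ebtables-save >` (and presumably the `--atomic-save` files) gets whatever the current umask yields, so a `umask 077` at the top of save() would keep the saved rule set readable by root only. With the default `EBTABLES_BINARY_FORMAT="yes"`, start() restores only from `ebtables.<table>` files, so a host that has just the text file loads no rules and, once RETVAL is 0, still reports success.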
diff --git a/ebtables.service b/ebtables.service
new file mode 100644
index 0000000..4bf63f3
--- /dev/null
+++ b/ebtables.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Ethernet Bridge filter tables
+After=syslog.target
+ConditionPathExists=/etc/sysconfig/ebtables-config
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/rc.d/init.d/ebtables --quiet start
+ExecStop=/etc/rc.d/init.d/ebtables --quiet stop
+StandardOutput=syslog
+StandardError=syslog
+
+[Install]
+WantedBy=basic.target
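Review bot: The unit declares no ordering against network bring-up, so with only `After=syslog.target` the bridge rules may be committed after interfaces are already forwarding frames; for a filtering service, `Wants=network-pre.target` and `Before=network-pre.target` in `[Unit]` would close that window. `ConditionPathExists=/etc/sysconfig/ebtables-config` names a file this package always installs, whereas ebtables.init keys off `/etc/sysconfig/ebtables`, so the condition never skips the unit. Because the script returns without loading anything when no saved rules exist, the unit can end up active (exited) on a host with no bridge filtering in place; a comment in the unit saying so would help operators reading `systemctl status`.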
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/iptables.git/commitdiff/72bb90f622b756025958bda31f9bc33719436545
