[PATCH 1/1] Add iptables service script
- From: "Patrick 'P. J.' McDermott" <pj+proteanos-ml АТ pehjota DОТ net>
- To: Daniel sea McChlery <sea АТ members DОТ fsf DОТ org>
- Cc: "P. J. McDermott" <pj АТ pehjota DОТ net>, proteanos-dev АТ lists DОТ proteanos DОТ com
- Date: Sat, 11 Oct 2014 22:57:13 -0400
- Message-id: <1413082633-20343-2-git-send-email-pj+proteanos-ml АТ pehjota DОТ net>
From: "P. J. McDermott" <pj АТ pehjota DОТ net>
---
build | 3 +++
changelog | 1 +
iptables.pkg/control | 4 ++++
iptables.pkg/files | 1 +
iptables.pkg/iptables.init | 38 ++++++++++++++++++++++++++++++++++++++
iptables.pkg/postinst | 5 +++++
iptables.pkg/prerm | 5 +++++
7 files changed, 57 insertions(+)
create mode 100644 iptables.pkg/iptables.init
create mode 100644 iptables.pkg/postinst
create mode 100644 iptables.pkg/prerm
diff --git a/build b/build
index 96d8ed8..d7adfbc 100755
--- a/build
+++ b/build
@@ -16,6 +16,9 @@ install: build
rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libip6tc.la"
rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libiptc.la"
rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libxtables.la"
+ install -d -m 0755 dest/etc/init.d
+ install -p -m 0755 ../iptables.pkg/iptables.init \
+ dest/etc/init.d/iptables
oh-fixperms
oh-strip
oh-installfiles
diff --git a/changelog b/changelog
index c820dbb..a1a7a9e 100644
--- a/changelog
+++ b/changelog
@@ -4,6 +4,7 @@ iptables (1.4.21-2) trunk
* Moved libxtables.so into the libxtables.10-dev package.
* Removed the dest/ directory from libxtables.10
* Removed the xtables pkg-config files from libiptc.0-dev
+ * /etc/init.d/iptables: New service initialization script.
-- "Daniel sea McChlery" <sea АТ members DОТ fsf DОТ org> Wed Jun 25 2014 17:56:22 -0400
diff --git a/iptables.pkg/control b/iptables.pkg/control
index 0a7bde7..cd1dc51 100644
--- a/iptables.pkg/control
+++ b/iptables.pkg/control
@@ -1,5 +1,9 @@
Architecture: any-linux-any
Platform: all
Depends: iptables-common (>= ${Source-Version}), libxtables.10, libiptc.0
+# busybox provided /etc/init.d/iptables from version 1.21.1-9 to version
+# 1.21.1-11, so we need to declare a conflict with those versions of busybox.
+Replaces: busybox (<< 1.21.1-12)
+Conflicts: busybox (<< 1.21.1-12)
Description: iptables binary tools
The iptables tools are used to manipulate kernel firewall tables.
diff --git a/iptables.pkg/files b/iptables.pkg/files
index ec51757..b5e149b 100644
--- a/iptables.pkg/files
+++ b/iptables.pkg/files
@@ -1,2 +1,3 @@
/usr/bin
/usr/sbin
+/etc/init.d/iptables
diff --git a/iptables.pkg/iptables.init b/iptables.pkg/iptables.init
new file mode 100644
index 0000000..31a9311
--- /dev/null
+++ b/iptables.pkg/iptables.init
@@ -0,0 +1,38 @@
+#!/bin/sh /etc/rc.common
+
+START='25'
+STOP='75'
+
+start()
+{
+ [ -r /etc/iptables ] || return 0
+
+ log 'Loading iptables rules'
+
+ /bin/sh /etc/iptables
+}
+
+stop()
+{
+ local table=
+ local chains=
+ local chain=
+
+ [ -r /etc/iptables ] || return 0
+
+ log 'Flushing iptables rules'
+
+ # For each table (raw, nat, mangle, filter, etc.):
+ for table in $(cat /proc/net/ip_tables_names); do
+ # Flush all the rules in all the chains and delete all the
+ # user-defined chains.
+ /usr/sbin/iptables -t "${table}" -F
+ /usr/sbin/iptables -t "${table}" -X
+ chains="$(/usr/sbin/iptables -t "${table}" -L -n | \
+ sed -n 's/^Chain \([^ ]*\).*$/\1/p')"
+ for chain in ${chains}; do
+ # Set the chain's policy to the "ACCEPT" target.
+ iptables -t "${table}" -P "${chain}" ACCEPT
+ done
+ done
+}
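Review bot: In stop(), the policy reset inside the inner loop calls bare `iptables`, while every other invocation in the file uses `/usr/sbin/iptables`, so that one step depends on whatever PATH the init environment provides. If the lookup fails there, the chains have already been flushed but any DROP policy stays as it was. Write it as `/usr/sbin/iptables -t "${table}" -P "${chain}" ACCEPT`. Separately, start() runs /etc/iptables with `/bin/sh` after only a `-r` test, and init scripts normally run as root; a header comment stating that the file must be root-owned and not group- or world-writable (or a check that refuses to run it otherwise) would make that trust assumption explicit. stop() also returns early when /etc/iptables is no longer readable, so rules loaded earlier would stay in place if the file was removed in the meantime. The script only touches the IPv4 tables listed in /proc/net/ip_tables_names, which deserves a comment.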
diff --git a/iptables.pkg/postinst b/iptables.pkg/postinst
new file mode 100644
index 0000000..c120f92
--- /dev/null
+++ b/iptables.pkg/postinst
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ "x${1}" = 'xconfigure' ]; then
+ /etc/init.d/iptables enable
+fi
diff --git a/iptables.pkg/prerm b/iptables.pkg/prerm
new file mode 100644
index 0000000..231d281
--- /dev/null
+++ b/iptables.pkg/prerm
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ "x${1}" = 'xremove' ]; then
+ /etc/init.d/iptables disable
+fi
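Review bot: The `remove` branch only calls `disable` and never `stop`, so unless rc.common's `disable` flushes rules itself (not visible in this patch), the loaded rules stay in the kernel after the package's tools under /usr/sbin are removed. If keeping filtering active across removal is the intent, record it with a comment such as `# Loaded rules are deliberately left in place; only the boot-time hook is removed.`. If it is not, calling `/etc/init.d/iptables stop` first would clear them, at the cost of leaving every chain at policy ACCEPT.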
--
2.1.1