[PATCH 1/1] Add iptables service script

From: "P. J. McDermott" <pj АТ pehjota DОТ net>

---
 build                      |  3 +++
 changelog                  |  1 +
 iptables.pkg/control       |  4 ++++
 iptables.pkg/files         |  1 +
 iptables.pkg/iptables.init | 38 ++++++++++++++++++++++++++++++++++++++
 iptables.pkg/postinst      |  5 +++++
 iptables.pkg/prerm         |  5 +++++
 7 files changed, 57 insertions(+)
 create mode 100644 iptables.pkg/iptables.init
 create mode 100644 iptables.pkg/postinst
 create mode 100644 iptables.pkg/prerm

diff --git a/build b/build
index 96d8ed8..d7adfbc 100755
--- a/build
+++ b/build
@@ -16,6 +16,9 @@ install: build
 	rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libip6tc.la"
 	rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libiptc.la"
 	rm -f "dest/usr/lib/$(OPK_HOST_ARCH)/libxtables.la"
+	install -d -m 0755 dest/etc/init.d
+	install -p -m 0755 ../iptables.pkg/iptables.init \
+		dest/etc/init.d/iptables
 	oh-fixperms
 	oh-strip
 	oh-installfiles
diff --git a/changelog b/changelog
index c820dbb..a1a7a9e 100644
--- a/changelog
+++ b/changelog
@@ -4,6 +4,7 @@ iptables (1.4.21-2) trunk
   * Moved libxtables.so into the libxtables.10-dev package.
   * Removed the dest/ directory from libxtables.10
   * Removed the xtables pkg-config files from libiptc.0-dev
+  * /etc/init.d/iptables: New service initialization script.
 
  -- "Daniel sea McChlery" <sea АТ members DОТ fsf DОТ org>  Wed Jun 25 2014 17:56:22 -0400
 
diff --git a/iptables.pkg/control b/iptables.pkg/control
index 0a7bde7..cd1dc51 100644
--- a/iptables.pkg/control
+++ b/iptables.pkg/control
@@ -1,5 +1,9 @@
 Architecture: any-linux-any
 Platform: all
 Depends: iptables-common (>= ${Source-Version}), libxtables.10, libiptc.0
+# busybox provided /etc/init.d/iptables from version 1.21.1-9 to version
+# 1.21.1-11, so we need to declare a conflict with those versions of busybox.
+Replaces: busybox (<< 1.21.1-12)
+Conflicts: busybox (<< 1.21.1-12)
 Description: iptables binary tools
  The iptables tools are used to manipulate kernel firewall tables.
diff --git a/iptables.pkg/files b/iptables.pkg/files
index ec51757..b5e149b 100644
--- a/iptables.pkg/files
+++ b/iptables.pkg/files
@@ -1,2 +1,3 @@
 /usr/bin
 /usr/sbin
+/etc/init.d/iptables
diff --git a/iptables.pkg/iptables.init b/iptables.pkg/iptables.init
new file mode 100644
index 0000000..31a9311
--- /dev/null
+++ b/iptables.pkg/iptables.init
@@ -0,0 +1,38 @@
+#!/bin/sh /etc/rc.common
+
+START='25'
+STOP='75'
+
+start()
+{
+	[ -r /etc/iptables ] || return 0
+
+	log 'Loading iptables rules'
+
+	/bin/sh /etc/iptables
+}
+
+stop()
+{
+	local table=
+	local chains=
+	local chain=
+
+	[ -r /etc/iptables ] || return 0
+
+	log 'Flushing iptables rules'
+
+	# For each table (raw, nat, mangle, filter, etc.):
+	for table in $(cat /proc/net/ip_tables_names); do
+		# Flush all the rules in all the chains and delete all the
+		# user-defined chains.
+		/usr/sbin/iptables -t "${table}" -F
+		/usr/sbin/iptables -t "${table}" -X
+		chains="$(/usr/sbin/iptables -t "${table}" -L -n | \
+			sed -n 's/^Chain \([^ ]*\).*$/\1/p')"
+		for chain in ${chains}; do
+			# Set the chain's policy to the "ACCEPT" target.
+			iptables -t "${table}" -P "${chain}" ACCEPT
+		done
+	done
+}
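Review bot: start() runs `/bin/sh /etc/iptables` as root after checking only that the file is readable, so the script's integrity rests entirely on that path's ownership and mode; it should refuse to run the file unless it is owned by root and not group- or world-writable, and a comment above start() should state the expected ownership. In stop(), the policy reset calls bare `iptables` while every other call uses `/usr/sbin/iptables`, so that one line depends on PATH; use `/usr/sbin/iptables -t "${table}" -P "${chain}" ACCEPT`. stop() also leaves every remaining chain at ACCEPT with no rules, so the host is unfiltered after a stop (and presumably during a restart, until `/etc/iptables` finishes), which deserves a comment saying this fail-open behaviour is intended. Only the IPv4 tables listed in `/proc/net/ip_tables_names` are flushed; if `/etc/iptables` may also load ip6tables rules (not visible here), those would survive stop().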
diff --git a/iptables.pkg/postinst b/iptables.pkg/postinst
new file mode 100644
index 0000000..c120f92
--- /dev/null
+++ b/iptables.pkg/postinst
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ "x${1}" = 'xconfigure' ]; then
+	/etc/init.d/iptables enable
+fi
diff --git a/iptables.pkg/prerm b/iptables.pkg/prerm
new file mode 100644
index 0000000..231d281
--- /dev/null
+++ b/iptables.pkg/prerm
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ "x${1}" = 'xremove' ]; then
+	/etc/init.d/iptables disable
+fi
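Review bot: The `remove` branch disables the service but never calls `stop`, so rules already loaded in the kernel outlive the package. If that is deliberate (keeping filtering in place rather than falling back to ACCEPT policies), record it with a comment above the `if`, for example `# Only unregister the service; loaded rules are intentionally left in place.`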
-- 
2.1.1