author | Thomas Liske <thomas@fiasko-nw.net> | 2020-03-12 23:34:01 +0100 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-14 13:00:55 -0300 |
commit | ca6e5756c35ec262e609f36f858abc504aba0fe1 (patch) | |
tree | 4839f73b8986710dd688e20be9ea5244d1ecfabd | |
parent | d257bf86303c111c0a6407903b162c596fb405de (diff) | |
main/iptables: restore lost init.d script for ebtables
-rw-r--r-- | main/iptables/APKBUILD | 10 | ||||
-rw-r--r-- | main/iptables/ebtables.confd | 15 | ||||
-rw-r--r-- | main/iptables/ebtables.initd | 98 |
3 files changed, 121 insertions, 2 deletions
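--- a/main/iptables/APKBUILD
+++ b/main/iptables/APKBUILD
@@ -2,7 +2,7 @@
 
 pkgname=iptables
 pkgver=1.8.3
-pkgrel=1
+pkgrel=2
 pkgdesc="Linux kernel firewall, NAT and packet mangling tools"
 url="https://www.netfilter.org/projects/iptables/index.html"
 arch="all"
@@ -16,6 +16,8 @@ source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.b
 iptables.initd
 iptables.confd
 ip6tables.confd
+ebtables.initd
+ebtables.confd
 "
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -61,6 +63,8 @@ package() {
 
 install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/iptables
 install -D -m644 "$srcdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables
+install -D -m755 "$srcdir"/ebtables.initd "$pkgdir"/etc/init.d/ebtables
+install -D -m644 "$srcdir"/ebtables.confd "$pkgdir"/etc/conf.d/ebtables
 }
 
 ip6tables() {
@@ -85,4 +89,6 @@ ip6tables_openrc() {
 sha512sums="84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d iptables-1.8.3.tar.bz2
 059b3bd8dd7dec60060ec5eb1e639fe8203207629f3a7dd4fdbe5ebca3f7e9b80df5592ebb27542e31830fd15a53cffac5772567053c104dfccf9b78613a31a1 iptables.initd
 cb7fecd5cab2c78bd3f215a41f39ec11c37eb360efbe83982378a0e647e0aa9dc0b7ec915a5b5081aa2f7747464787e69404aa15ba15a063c32cb8fb7dd13d1e iptables.confd
-0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd"
+0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd
+c8fccc96610ddc24a3a0c7c2c9f2460b87e582424e338beeb20d77726b27324f89906ef853680e62912ed3544c967469870d78aa6e39de11efda072dd8a4a836 ebtables.initd
+b24afd1f5c2f200a1eec6ed7fd63500237dc168bfb9cc1297ffc288d12d30224a1ee84a7f61663daf408c42457dd7deac7594a23e448218806798294e9a1018d ebtables.confd"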
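Review bot: Nothing in the visible part of package() creates /var/lib/ebtables, the directory that the default EBTABLES_SAVE in ebtables.confd points into. On a fresh install the init script's `save` would then fail at `touch`, and because stop() runs `save || return 1` when SAVE_ON_STOP is "yes", the service could not be stopped cleanly either. package() starts outside this hunk, so the directory may already be created there; if it is not, add `install -d -m755 "$pkgdir"/var/lib/ebtables` next to the two new install lines.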
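--- /dev/null
+++ b/main/iptables/ebtables.confd
@@ -0,0 +1,15 @@
+# /etc/conf.d/ebtables
+
+# Location in which ebtables initscript will save set rules on
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+
+# Options to pass to ebtables-save and ebtables-restore
+SAVE_RESTORE_OPTIONS=""
+
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
+
+# Tables to be saved and restored. If you have built ebtables as modules, you
+# may leave it blank. Otherwise, you MUST define which to control.
+TABLE_NAMES="filter nat broute"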
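Review bot: The comment above TABLE_NAMES does not say what a blank value leads to when no table module is loaded. ebtables.initd builds its table list from the ebtable_* entries in /proc/modules and falls back to TABLE_NAMES only when that list is empty, so with both empty the loops in stop, reload and panic iterate over nothing and `eend $?` appears to still report success. I would extend the comment with something like `# If this is blank and no ebtable_* module is loaded, stop/reload/panic act on no table at all.`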
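--- /dev/null
+++ b/main/iptables/ebtables.initd
@@ -0,0 +1,98 @@
+#!/sbin/openrc-run
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd,v 1.2 2007/09/28 19:22:14 pva Exp $
+
+extra_commands="save reload"
+extra_started_commands="panic"
+
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+ebtables_tables=$(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//)
+if [ "$ebtables_tables" == "" ] ; then
+ebtables_tables=${TABLE_NAMES}
+fi
+
+depend() {
+before net
+use logger
+}
+
+set_table_policy() {
+local chains table=$1 policy=$2
+case ${table} in
+nat) chains="PREROUTING POSTROUTING OUTPUT";;
+broute) chains="BROUTING";;
+filter) chains="INPUT FORWARD OUTPUT";;
+*) chains="";;
+esac
+local chain
+for chain in ${chains} ; do
+${ebtables_bin} -t ${table} -P ${chain} ${policy}
+done
+}
+
+checkconfig() {
+if [ ! -f ${ebtables_save} ] ; then
+eerror "Not starting ebtables. First create some rules then run:"
+eerror "/etc/init.d/ebtables save"
+return 1
+fi
+return 0
+}
+
+start() {
+checkconfig || return 1
+ebegin "Loading ebtables state and starting bridge firewall"
+${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
+eend $?
+}
+
+stop() {
+if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+save || return 1
+fi
+ebegin "Stopping bridge firewall"
+local a
+for a in ${ebtables_tables}; do
+set_table_policy $a ACCEPT
+
+${ebtables_bin} -t $a -F
+${ebtables_bin} -t $a -X
+done
+eend $?
+}
+
+reload() {
+ebegin "Flushing bridge firewall"
+local a
+for a in ${ebtables_tables}; do
+${ebtables_bin} -t $a -F
+${ebtables_bin} -t $a -X
+done
+eend $?
+
+start
+}
+
+save() {
+ebegin "Saving ebtables state"
+touch "${ebtables_save}"
+chmod 0600 "${ebtables_save}"
+${ebtables_bin}-save ${ebtables_tables} ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
+eend $?
+}
+
+panic() {
+service_started ebtables && svc_stop
+
+local a
+ebegin "Dropping all packets forwarded on bridges"
+for a in ${ebtables_tables}; do
+${ebtables_bin} -t $a -F
+${ebtables_bin} -t $a -X
+
+set_table_policy $a DROP
+done
+eend $?
+}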
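Review bot: `eend $?` in panic() reports only the exit status of the last command of the last loop iteration, and set_table_policy() likewise returns only the status of its last chain. A failed DROP policy on an earlier table or chain is therefore reported as success while that table keeps forwarding traffic; stop() and reload() end their loops the same way. Collecting the status across both loops, as sketched below, makes such a failure visible to the operator. Separately, the test in checkconfig() is unquoted, so an empty EBTABLES_SAVE makes it evaluate false and start() goes on to the restore; `if [ ! -f "${ebtables_save}" ] ; then` avoids that.

```shell
set_table_policy() {
	# … unchanged: local declarations and the table-to-chains case …
	local chain rc=0
	for chain in ${chains} ; do
		${ebtables_bin} -t ${table} -P ${chain} ${policy} || rc=1
	done
	return ${rc}
}

panic() {
	# … unchanged: svc_stop call and ebegin …
	local a rc=0
	for a in ${ebtables_tables}; do
		${ebtables_bin} -t $a -F || rc=1
		${ebtables_bin} -t $a -X || rc=1
		set_table_policy $a DROP || rc=1
	done
	eend ${rc}
}
```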