main/iptables: restore lost init.d script for ebtables

author: Thomas Liske <thomas@fiasko-nw.net> 2020-03-12 23:34:01 +0100
committer: Leo <thinkabit.ukim@gmail.com> 2020-03-14 13:00:55 -0300
commit: ca6e5756c35ec262e609f36f858abc504aba0fe1 (patch)
tree: 4839f73b8986710dd688e20be9ea5244d1ecfabd
parent: d257bf86303c111c0a6407903b162c596fb405de (diff)
download: alpine_aports-ca6e5756c35ec262e609f36f858abc504aba0fe1.tar.bz2
alpine_aports-ca6e5756c35ec262e609f36f858abc504aba0fe1.tar.xz
alpine_aports-ca6e5756c35ec262e609f36f858abc504aba0fe1.zip
3 files changed, 121 insertions, 2 deletions
diff --git a/main/iptables/APKBUILD b/main/iptables/APKBUILD
index 1aff6b25d6..8d5f5db216 100644
--- a/main/iptables/APKBUILD
+++ b/main/iptables/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=iptables
 pkgver=1.8.3
-pkgrel=1
+pkgrel=2
 pkgdesc="Linux kernel firewall, NAT and packet mangling tools"
 url="https://www.netfilter.org/projects/iptables/index.html"
 arch="all"
@@ -16,6 +16,8 @@ source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.b
        iptables.initd
        iptables.confd
        ip6tables.confd
+        ebtables.initd
+        ebtables.confd
        "
 builddir="$srcdir/$pkgname-$pkgver"
@@ -61,6 +63,8 @@ package() {
        install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/iptables
        install -D -m644 "$srcdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables
+        install -D -m755 "$srcdir"/ebtables.initd "$pkgdir"/etc/init.d/ebtables
+        install -D -m644 "$srcdir"/ebtables.confd "$pkgdir"/etc/conf.d/ebtables
 }
 ip6tables() {
@@ -85,4 +89,6 @@ ip6tables_openrc() {
 sha512sums="84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d  iptables-1.8.3.tar.bz2
 059b3bd8dd7dec60060ec5eb1e639fe8203207629f3a7dd4fdbe5ebca3f7e9b80df5592ebb27542e31830fd15a53cffac5772567053c104dfccf9b78613a31a1  iptables.initd
 cb7fecd5cab2c78bd3f215a41f39ec11c37eb360efbe83982378a0e647e0aa9dc0b7ec915a5b5081aa2f7747464787e69404aa15ba15a063c32cb8fb7dd13d1e  iptables.confd
-0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4  ip6tables.confd"
+0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4  ip6tables.confd
+c8fccc96610ddc24a3a0c7c2c9f2460b87e582424e338beeb20d77726b27324f89906ef853680e62912ed3544c967469870d78aa6e39de11efda072dd8a4a836  ebtables.initd
+b24afd1f5c2f200a1eec6ed7fd63500237dc168bfb9cc1297ffc288d12d30224a1ee84a7f61663daf408c42457dd7deac7594a23e448218806798294e9a1018d  ebtables.confd"
diff --git a/main/iptables/ebtables.confd b/main/iptables/ebtables.confd
new file mode 100644
index 0000000000..db46ffb587
--- /dev/null
+++ b/main/iptables/ebtables.confd
@@ -0,0 +1,15 @@
+# /etc/conf.d/ebtables
+# Location in which ebtables initscript will save set rules on 
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+# Options to pass to ebtables-save and ebtables-restore 
+SAVE_RESTORE_OPTIONS=""
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
+# Tables to be saved and restored. If you have built ebtables as modules, you
+# may leave it blank. Otherwise, you MUST define which to control.
+TABLE_NAMES="filter nat broute"
diff --git a/main/iptables/ebtables.initd b/main/iptables/ebtables.initd
new file mode 100644
index 0000000000..c3e8ba92cb
--- /dev/null
+++ b/main/iptables/ebtables.initd
@@ -0,0 +1,98 @@
+#!/sbin/openrc-run
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd,v 1.2 2007/09/28 19:22:14 pva Exp $
+extra_commands="save reload"
+extra_started_commands="panic"
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+ebtables_tables=$(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//)
+if [ "$ebtables_tables" == "" ] ; then
+        ebtables_tables=${TABLE_NAMES}
+fi
+depend() {
+        before net
+        use logger
+}
+set_table_policy() {
+        local chains table=$1 policy=$2
+        case ${table} in
+                nat)    chains="PREROUTING POSTROUTING OUTPUT";;
+                broute) chains="BROUTING";;
+                filter) chains="INPUT FORWARD OUTPUT";;
+                *)      chains="";;
+        esac
+        local chain
+        for chain in ${chains} ; do
+                ${ebtables_bin} -t ${table} -P ${chain} ${policy}
+        done
+}
+checkconfig() {
+        if [ ! -f ${ebtables_save} ] ; then
+                eerror "Not starting ebtables.  First create some rules then run:"
+                eerror "/etc/init.d/ebtables save"
+                return 1
+        fi
+        return 0
+}
+start() {
+        checkconfig || return 1
+        ebegin "Loading ebtables state and starting bridge firewall"
+        ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
+        eend $?
+}
+stop() {
+        if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+                save || return 1
+        fi
+        ebegin "Stopping bridge firewall"
+        local a
+        for a in ${ebtables_tables}; do
+                set_table_policy $a ACCEPT
+                ${ebtables_bin} -t $a -F
+                ${ebtables_bin} -t $a -X
+        done
+        eend $?
+}
+reload() {
+        ebegin "Flushing bridge firewall"
+        local a
+        for a in ${ebtables_tables}; do
+                ${ebtables_bin} -t $a -F
+                ${ebtables_bin} -t $a -X
+        done
+        eend $?
+        start
+}
+save() {
+        ebegin "Saving ebtables state"
+        touch "${ebtables_save}"
+        chmod 0600 "${ebtables_save}"
+        ${ebtables_bin}-save ${ebtables_tables} ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
+        eend $?
+}
+panic() {
+        service_started ebtables && svc_stop
+        local a
+        ebegin "Dropping all packets forwarded on bridges"
+        for a in ${ebtables_tables}; do
+                ${ebtables_bin} -t $a -F
+                ${ebtables_bin} -t $a -X
+                set_table_policy $a DROP
+        done
+        eend $?
+}
author	Thomas Liske <thomas@fiasko-nw.net>	2020-03-12 23:34:01 +0100
committer	Leo <thinkabit.ukim@gmail.com>	2020-03-14 13:00:55 -0300
commit	ca6e5756c35ec262e609f36f858abc504aba0fe1 (patch)
tree	4839f73b8986710dd688e20be9ea5244d1ecfabd
parent	d257bf86303c111c0a6407903b162c596fb405de (diff)
download	alpine_aports-ca6e5756c35ec262e609f36f858abc504aba0fe1.tar.bz2 alpine_aports-ca6e5756c35ec262e609f36f858abc504aba0fe1.tar.xz alpine_aports-ca6e5756c35ec262e609f36f858abc504aba0fe1.zip

diff --git a/main/iptables/APKBUILD b/main/iptables/APKBUILD index 1aff6b25d6..8d5f5db216 100644 --- a/main/iptables/APKBUILD +++ b/main/iptables/APKBUILD
@@ -2,7 +2,7 @@
2		2
3	pkgname=iptables	3	pkgname=iptables
4	pkgver=1.8.3	4	pkgver=1.8.3
5	pkgrel=1	5	pkgrel=2
6	pkgdesc="Linux kernel firewall, NAT and packet mangling tools"	6	pkgdesc="Linux kernel firewall, NAT and packet mangling tools"
7	url="https://www.netfilter.org/projects/iptables/index.html"	7	url="https://www.netfilter.org/projects/iptables/index.html"
8	arch="all"	8	arch="all"
@@ -16,6 +16,8 @@ source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.b
16	iptables.initd	16	iptables.initd
17	iptables.confd	17	iptables.confd
18	ip6tables.confd	18	ip6tables.confd
		19	ebtables.initd
		20	ebtables.confd
19	"	21	"
20	builddir="$srcdir/$pkgname-$pkgver"	22	builddir="$srcdir/$pkgname-$pkgver"
21		23
@@ -61,6 +63,8 @@ package() {
61		63
62	install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/iptables	64	install -D -m755 "$srcdir"/iptables.initd "$pkgdir"/etc/init.d/iptables
63	install -D -m644 "$srcdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables	65	install -D -m644 "$srcdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables
		66	install -D -m755 "$srcdir"/ebtables.initd "$pkgdir"/etc/init.d/ebtables
		67	install -D -m644 "$srcdir"/ebtables.confd "$pkgdir"/etc/conf.d/ebtables
64	}	68	}
65		69
66	ip6tables() {	70	ip6tables() {
@@ -85,4 +89,6 @@ ip6tables_openrc() {
85	sha512sums="84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d iptables-1.8.3.tar.bz2	89	sha512sums="84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d iptables-1.8.3.tar.bz2
86	059b3bd8dd7dec60060ec5eb1e639fe8203207629f3a7dd4fdbe5ebca3f7e9b80df5592ebb27542e31830fd15a53cffac5772567053c104dfccf9b78613a31a1 iptables.initd	90	059b3bd8dd7dec60060ec5eb1e639fe8203207629f3a7dd4fdbe5ebca3f7e9b80df5592ebb27542e31830fd15a53cffac5772567053c104dfccf9b78613a31a1 iptables.initd
87	cb7fecd5cab2c78bd3f215a41f39ec11c37eb360efbe83982378a0e647e0aa9dc0b7ec915a5b5081aa2f7747464787e69404aa15ba15a063c32cb8fb7dd13d1e iptables.confd	91	cb7fecd5cab2c78bd3f215a41f39ec11c37eb360efbe83982378a0e647e0aa9dc0b7ec915a5b5081aa2f7747464787e69404aa15ba15a063c32cb8fb7dd13d1e iptables.confd
88	0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd"	92	0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd
		93	c8fccc96610ddc24a3a0c7c2c9f2460b87e582424e338beeb20d77726b27324f89906ef853680e62912ed3544c967469870d78aa6e39de11efda072dd8a4a836 ebtables.initd
		94	b24afd1f5c2f200a1eec6ed7fd63500237dc168bfb9cc1297ffc288d12d30224a1ee84a7f61663daf408c42457dd7deac7594a23e448218806798294e9a1018d ebtables.confd"


diff --git a/main/iptables/ebtables.confd b/main/iptables/ebtables.confd new file mode 100644 index 0000000000..db46ffb587 --- /dev/null +++ b/main/iptables/ebtables.confd
@@ -0,0 +1,15 @@
		1	# /etc/conf.d/ebtables
		2
		3	# Location in which ebtables initscript will save set rules on
		4	# service shutdown
		5	EBTABLES_SAVE="/var/lib/ebtables/rules-save"
		6
		7	# Options to pass to ebtables-save and ebtables-restore
		8	SAVE_RESTORE_OPTIONS=""
		9
		10	# Save state on stopping ebtables
		11	SAVE_ON_STOP="yes"
		12
		13	# Tables to be saved and restored. If you have built ebtables as modules, you
		14	# may leave it blank. Otherwise, you MUST define which to control.
		15	TABLE_NAMES="filter nat broute"


diff --git a/main/iptables/ebtables.initd b/main/iptables/ebtables.initd new file mode 100644 index 0000000000..c3e8ba92cb --- /dev/null +++ b/main/iptables/ebtables.initd
@@ -0,0 +1,98 @@
		1	#!/sbin/openrc-run
		2	# Copyright 1999-2007 Gentoo Foundation
		3	# Distributed under the terms of the GNU General Public License v2
		4	# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd,v 1.2 2007/09/28 19:22:14 pva Exp $
		5
		6	extra_commands="save reload"
		7	extra_started_commands="panic"
		8
		9	ebtables_bin="/sbin/ebtables"
		10	ebtables_save=${EBTABLES_SAVE}
		11	ebtables_tables=$(grep -E '^ebtable_' /proc/modules \| cut -f1 -d' ' \| sed s/ebtable_//)
		12	if [ "$ebtables_tables" == "" ] ; then
		13	ebtables_tables=${TABLE_NAMES}
		14	fi
		15
		16	depend() {
		17	before net
		18	use logger
		19	}
		20
		21	set_table_policy() {
		22	local chains table=$1 policy=$2
		23	case ${table} in
		24	nat) chains="PREROUTING POSTROUTING OUTPUT";;
		25	broute) chains="BROUTING";;
		26	filter) chains="INPUT FORWARD OUTPUT";;
		27	*) chains="";;
		28	esac
		29	local chain
		30	for chain in ${chains} ; do
		31	${ebtables_bin} -t ${table} -P ${chain} ${policy}
		32	done
		33	}
		34
		35	checkconfig() {
		36	if [ ! -f ${ebtables_save} ] ; then
		37	eerror "Not starting ebtables. First create some rules then run:"
		38	eerror "/etc/init.d/ebtables save"
		39	return 1
		40	fi
		41	return 0
		42	}
		43
		44	start() {
		45	checkconfig \|\| return 1
		46	ebegin "Loading ebtables state and starting bridge firewall"
		47	${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
		48	eend $?
		49	}
		50
		51	stop() {
		52	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
		53	save \|\| return 1
		54	fi
		55	ebegin "Stopping bridge firewall"
		56	local a
		57	for a in ${ebtables_tables}; do
		58	set_table_policy $a ACCEPT
		59
		60	${ebtables_bin} -t $a -F
		61	${ebtables_bin} -t $a -X
		62	done
		63	eend $?
		64	}
		65
		66	reload() {
		67	ebegin "Flushing bridge firewall"
		68	local a
		69	for a in ${ebtables_tables}; do
		70	${ebtables_bin} -t $a -F
		71	${ebtables_bin} -t $a -X
		72	done
		73	eend $?
		74
		75	start
		76	}
		77
		78	save() {
		79	ebegin "Saving ebtables state"
		80	touch "${ebtables_save}"
		81	chmod 0600 "${ebtables_save}"
		82	${ebtables_bin}-save ${ebtables_tables} ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
		83	eend $?
		84	}
		85
		86	panic() {
		87	service_started ebtables && svc_stop
		88
		89	local a
		90	ebegin "Dropping all packets forwarded on bridges"
		91	for a in ${ebtables_tables}; do
		92	${ebtables_bin} -t $a -F
		93	${ebtables_bin} -t $a -X
		94
		95	set_table_policy $a DROP
		96	done
		97	eend $?
		98	}