Gentoo's Bugzilla – Attachment 412988 Details for Bug 560920: net-firewall/nftables-0.5 init script is broken
Updated init script for users of kernel versions 3.18 or newer
nftables.init (text/plain), 2.32 KB, created by nvinson234 on 2015-09-26 17:31:08 UTC
#!/sbin/runscript
# Copyright 2014 Nicholas Vinson
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

extra_commands="clear list panic save"
extra_started_commands="reload"

depend() {
	need localmount #434774
	before net
}

# Succeeds only if the running kernel answers nft queries.
checkkernel() {
	if ! nft list tables >/dev/null 2>&1; then
		eerror "Your kernel lacks nftables support, please load"
		eerror "appropriate modules and try again."
		return 1
	fi
	return 0
}

# Refuses to start without a saved ruleset to load.
checkconfig() {
	if [ ! -f "${NFTABLES_SAVE}" ]; then
		eerror "Not starting nftables. First create some rules then run:"
		eerror "rc-service nftables save"
		return 1
	fi
	return 0
}

start_pre() {
	checkkernel || return 1
	checkconfig || return 1
	return 0
}

start() {
	ebegin "Loading nftables state and starting firewall"
	clear
	nft -f "${NFTABLES_SAVE}"
	eend $?
}

stop() {
	if yesno ${SAVE_ON_STOP:-yes}; then
		save || return 1
	fi

	ebegin "Stopping firewall"
	clear
	eend $?
}

reload() {
	checkkernel || return 1
	ebegin "Flushing firewall"
	clear
	eend $?
	start
}

# "nft flush ruleset" needs kernel 3.18 or newer.
clear() {
	nft flush ruleset
}

list() {
	nft list ruleset
}

save() {
	ebegin "Saving nftables state"
	checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
	checkpath -q -m 0600 -f "${NFTABLES_SAVE}"

	local tmp_save="${NFTABLES_SAVE}.tmp"

	# mv keeps the mode of the file it moves, so create the temporary file
	# with mode 0600 as well; otherwise the saved ruleset would end up with
	# umask-default permissions instead of 0600.
	checkpath -q -m 0600 -f "${tmp_save}"
	nft list ruleset > "${tmp_save}" && mv "${tmp_save}" "${NFTABLES_SAVE}"
	eend $?
}

panic() {
	checkkernel || return 1
	if service_started "${RC_SVCNAME}"; then
		rc-service "${RC_SVCNAME}" stop
	fi

	ebegin "Dropping all packets"
	clear
	# A here-document replaces "echo -e", which is not portable across
	# /bin/sh implementations; if the rules failed to parse after the flush
	# above, the host would be left with no ruleset at all.
	nft -f /dev/stdin <<'EOF'
table ip filter {
	chain input {
		type filter hook input priority 0; policy drop;
	}
	chain forward {
		type filter hook forward priority 0; policy drop;
	}
	chain output {
		type filter hook output priority 0; policy drop;
	}
}
table ip6 filter {
	chain input {
		type filter hook input priority 0; policy drop;
	}
	chain forward {
		type filter hook forward priority 0; policy drop;
	}
	chain output {
		type filter hook output priority 0; policy drop;
	}
}
EOF
	eend $?
}