Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 413976 Details for
Bug 560920
net-firewall/nftables-0.5 init script is broken
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Revised nftables init script
nftables.init (text/plain), 5.22 KB, created by
nvinson234
on 2015-10-07 11:21:34 UTC
(
hide
)
Description:
Revised nftables init script
Filename:
MIME Type:
Creator:
nvinson234
Created:
2015-10-07 11:21:34 UTC
Size:
5.22 KB
patch
obsolete
>#!/sbin/runscript ># Copyright 2014 Nicholas Vinson ># Copyright 1999-2014 Gentoo Foundation ># Distributed under the terms of the GNU General Public License v2 > >extra_commands="clear list panic save" >extra_started_commands="reload" >depend() { > need localmount #434774 > before net >} > >start_pre() { > checkkernel || return 1 > checkconfig || return 1 > return 0 >} > >clear() { > if use_legacy; then > clear_legacy > return 0 > fi > > nft flush ruleset >} > >list() { > if use_legacy; then > list_legacy > return 0 > fi > > nft list ruleset >} > >panic() { > checkkernel || return 1 > if service_started ${RC_SVCNAME}; then > rc-service ${RC_SVCNAME} stop > fi > > ebegin "Dropping all packets" > clear > if nft create table ip filter >/dev/null 2>&1; then > nft -f /var/lib/nftables/rules-panic.ip > fi > if nft create table ip6 filter >/dev/null 2>&1; then > nft -f /var/lib/nftables/rules-panic.ip6 > fi >} > >reload() { > checkkernel || return 1 > ebegin "Flushing firewall" > clear > start >} > >save() { > ebegin "Saving nftables state" > checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" > checkpath -q -m 0600 -f "${NFTABLES_SAVE}" > > local tmp_save="${NFTABLES_SAVE}.tmp" > > if use_legacy; then > save_legacy ${tmp_save} > else > nft list ruleset > ${tmp_save} > fi > mv ${tmp_save} ${NFTABLES_SAVE} >} > >start() { > ebegin "Loading nftables state and starting firewall" > clear > nft -f ${NFTABLES_SAVE} > eend $? >} > >stop() { > if yesno ${SAVE_ON_STOP:-yes}; then > save || return 1 > fi > > ebegin "Stopping firewall" > clear > eend $? >} > >################################################################################ ># ># SUPPORT FUNCTIONS ># >################################################################################ >checkconfig() { > if [ ! -f ${NFTABLES_SAVE} ]; then > eerror "Not starting nftables. First create some rules then run:" > eerror "rc-service nftables save" > return 1 > fi > return 0 >} > >checkkernel() { > if ! nft list tables >/dev/null 2>&1; then > eerror "Your kernel lacks nftables support, please load" > eerror "appropriate modules and try again." > return 1 > fi > return 0 >} > >use_legacy() { > local major_ver minor_ver > > major_ver=`uname -r | cut -d '.' -f1` > minor_ver=`uname -r | cut -d '.' -f2` > > [[ $major_ver -ge 4 || $major_ver -eq 3 && $minor_ver -ge 18 ]] && return 1 > return 0 >} > >################################################################################ ># ># LEGACY COMMAND FUNCTIONS ># >################################################################################ > >clear_legacy() { > local l3f line table chain first_line > > first_line=1 > if manualwalk; then > for l3f in $(getfamilies); do > nft list tables ${l3f} | while read line; do > table=$(echo ${line} | sed "s/table[ \t]*//") > deletetable ${l3f} ${table} > done > done > else > nft list tables | while read line; do > l3f=$(echo ${line} | cut -d ' ' -f2) > table=$(echo ${line} | cut -d ' ' -f3) > deletetable ${l3f} ${table} > done > fi >} > >list_legacy() { > local l3f > > if manualwalk; then > for l3f in $(getfamilies); do > nft list tables ${l3f} | while read line; do > line=$(echo ${line} | sed "s/table/table ${l3f}/") > echo "$(nft list ${line})" > done > done > else > nft list tables | while read line; do > echo "$(nft list ${line})" > done > fi >} > >save_legacy() { > tmp_save=$1 > touch "${tmp_save}" > if manualwalk; then > for l3f in $(getfamilies); do > nft list tables ${l3f} | while read line; do > line=$(echo ${line} | sed "s/table/table ${l3f}/") > nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save} > done > done > else > nft list tables | while read line; do > nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}" > done > fi >} > >################################################################################ ># ># LEGACY SUPPORT FUNCTIONS ># >################################################################################ >CHECK_TABLE_NAME="GENTOO_CHECK_TABLE" > >getfamilies() { > local l3f families > > for l3f in ip arp ip6 bridge inet; do > if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then > families="${families}${l3f} " > nft delete table ${l3f} ${CHECK_TABLE_NAME} > fi > done > echo ${families} >} > >manualwalk() { > local result l3f=`getfamilies | cut -d ' ' -f1` > > nft create table ${l3f} ${CHECK_TABLE_NAME} > nft list tables | read line > if [ $(echo $line | wc -w) -lt 3 ]; then > result=0 > fi > result=1 > nft delete table ${l3f} ${CHECK_TABLE_NAME} > > return $result >} > >deletetable() { > # family is $1 > # table name is $2 > nft flush table $1 $2 > nft list table $1 $2 | while read l; do > chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2) > if [ -n "${chain}" ]; then > nft flush chain $1 $2 ${chain} > nft delete chain $1 $2 ${chain} > fi > done > nft delete table $1 $2 >} >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=413976">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 560920
:
412362
|
412986
|
412988
|
412990
|
413944
|
413946
|
413948
|
413950
|
413972
|
413974
|
413976
|
413978
|
413980
|
414588
|
414590
|
414592
