Gentoo's Bugzilla – Attachment 415974 Details for
Bug 540198
net-firewall/nftables doesn't provide systemd service file
[patch]
Updates /etc/init.d/nftables to use the new nftables.sh shell script
0002-Update-nftables.init-to-use-nftables.sh.patch (text/plain), 3.76 KB, created by
nvinson234
on 2015-11-03 04:04:59 UTC
>From 0ec7d6a6d22ea93c14bebd69df4e4544a2942d45 Mon Sep 17 00:00:00 2001 >From: Nicholas Vinson <nvinson234@gmail.com> >Date: Mon, 2 Nov 2015 22:54:02 -0500 >Subject: [PATCH 2/4] Update nftables.init to use nftables.sh > >Signed-off-by: Nicholas Vinson <nvinson234@gmail.com> >--- > net-firewall/nftables/files/nftables.init-r2 | 123 +++++++++++++++++++++++++++ > 1 file changed, 123 insertions(+) > create mode 100644 net-firewall/nftables/files/nftables.init-r2 > >diff --git net-firewall/nftables/files/nftables.init-r2 net-firewall/nftables/files/nftables.init-r2 >new file mode 100644 >index 0000000..c86d2e3 >--- /dev/null >+++ net-firewall/nftables/files/nftables.init-r2 
>@@ -0,0 +1,123 @@ >+#!/sbin/runscript >+# Copyright 2014 Nicholas Vinson >+# Copyright 1999-2014 Gentoo Foundation >+# Distributed under the terms of the GNU General Public License v2 >+ >+extra_commands="clear list panic save" >+extra_started_commands="reload" >+depend() { >+ need localmount #434774 >+ before net >+} >+ >+start_pre() { >+ checkkernel || return 1 >+ checkconfig || return 1 >+ return 0 >+} >+ >+clear() { >+ /usr/libexec/nftables/nftables.sh clear || return 1 >+ return 0 >+} >+ >+list() { >+ /usr/libexec/nftables/nftables.sh list || return 1 >+ return 0 >+} >+ >+panic() { >+ checkkernel || return 1 >+ if service_started ${RC_SVCNAME}; then >+ rc-service ${RC_SVCNAME} stop >+ fi >+ >+ ebegin "Dropping all packets" >+ clear >+ if nft create table ip filter >/dev/null 2>&1; then >+ nft -f /dev/stdin <<-EOF >+ table ip filter { >+ chain input { >+ type filter hook input priority 0; >+ drop >+ } >+ chain forward { >+ type filter hook forward priority 0; >+ drop >+ } >+ chain output { >+ type filter hook output priority 0; >+ drop >+ } >+ } >+ EOF >+ fi >+ if nft create table ip6 filter >/dev/null 2>&1; then >+ nft -f /dev/stdin <<-EOF >+ table ip6 filter { >+ chain input { >+ type filter hook input priority 0; >+ drop >+ } >+ chain forward { >+ type filter hook forward priority 0; >+ drop >+ } >+ chain output { >+ type filter hook output priority 0; >+ drop >+ } >+ } >+ EOF >+ fi >+} >+ >+reload() { >+ checkkernel || return 1 >+ ebegin "Flushing firewall" >+ clear >+ start >+} >+ >+save() { >+ ebegin "Saving nftables state" >+ checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" >+ checkpath -q -m 0600 -f "${NFTABLES_SAVE}" >+ /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE} >+ return $? >+} >+ >+start() { >+ ebegin "Loading nftables state and starting firewall" >+ clear >+ /usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE} >+ eend $? 
>+} >+ >+stop() { >+ if yesno ${SAVE_ON_STOP:-yes}; then >+ save || return 1 >+ fi >+ >+ ebegin "Stopping firewall" >+ clear >+ eend $? >+} >+ >+checkconfig() { >+ if [ ! -f ${NFTABLES_SAVE} ]; then >+ eerror "Not starting nftables. First create some rules then run:" >+ eerror "rc-service nftables save" >+ return 1 >+ fi >+ return 0 >+} >+ >+checkkernel() { >+ if ! nft list tables >/dev/null 2>&1; then >+ eerror "Your kernel lacks nftables support, please load" >+ eerror "appropriate modules and try again." >+ return 1 >+ fi >+ return 0 >+} >-- >2.6.2 >
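Review bot: panic() can end with an empty ruleset instead of a drop-all one. It runs `clear` first and then loads each drop table only when `nft create table ip filter >/dev/null 2>&1` (and the ip6 equivalent) succeeds, so a failure there is silent and skips the drop chains entirely. Suggest dropping the guarded create or reporting its failure, checking the exit status of each `nft -f /dev/stdin`, and closing `ebegin "Dropping all packets"` with `eend $?`; reload() has the same unclosed `ebegin "Flushing firewall"`. start() has the same fail-open ordering: `clear` runs before `/usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE}` and its result is not checked, so a failed load leaves the host with no rules while only `eend $?` reports it. Consider loading or validating the saved file before flushing, or falling back to the drop rules on failure. `${NFTABLES_SAVE}` is also unquoted in start(), in the `nftables.sh store` call in save(), and in `[ ! -f ${NFTABLES_SAVE} ]` in checkconfig(), while the checkpath calls in save() quote it; quote it consistently so a path with whitespace does not split.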