[packages/iptables] - added ebtables init scripts

baggins baggins at pld-linux.org
Sat Apr 9 15:45:50 CEST 2016 

commit 9ec3dc4d5d00befe1b59d557cc4d4e34635816c5
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Sat Apr 9 21:57:09 2016 +0900

    - added ebtables init scripts

 ebtables-config  |  37 +++++++++++++++
 ebtables.init    | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ebtables.service |  15 ++++++
 iptables.spec    |  20 ++++++--
 4 files changed, 207 insertions(+), 3 deletions(-)
---
diff --git a/iptables.spec b/iptables.spec
index c260d70..e6b1263 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -1,6 +1,5 @@
 #
 # TODO:
-# - include init.d+sysconfig files from ebtables.spec in -init?
 # - update BR to real required llh version
 # - check if kernel-headers are still required to properly build iptabels for dist kernel
 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
@@ -47,6 +46,9 @@ Source6:	%{name}-config
 Source7:	%{name6}-config
 Source8:	%{name}.service
 Source9:	%{name6}.service
+Source10:	ebtables.init
+Source11:	ebtables-config
+Source12:	ebtables.service
 # --- GENERAL CHANGES (patches<10):
 Patch0:		%{name}-man.patch
 # additional utils; off by default
@@ -264,6 +266,10 @@ install -p %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/%{name6}-config
 install -p %{SOURCE8} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}.service
 install -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdunitdir}/%{name6}.service
 
+install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/ebtables
+install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/sysconfig/ebtables-config
+install -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}/ebtables.service
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -271,16 +277,18 @@ rm -rf $RPM_BUILD_ROOT
 %postun	libs -p /sbin/ldconfig
 
 %post init
+/sbin/chkconfig --add ebtables
 /sbin/chkconfig --add %{name}
 /sbin/chkconfig --add %{name6}
-%systemd_post %{name}.service %{name6}.service
+%systemd_post %{name}.service %{name6}.service ebtables.service
 
 %preun init
 if [ "$1" = "0" ]; then
+	/sbin/chkconfig --del ebtables
 	/sbin/chkconfig --del %{name}
 	/sbin/chkconfig --del %{name6}
 fi
-%systemd_preun %{name}.service %{name6}.service
+%systemd_preun %{name}.service %{name6}.service ebtables.service
 
 %postun init
 %systemd_reload
@@ -288,6 +296,9 @@ fi
 %triggerpostun init -- %{name}-init < 1.4.13-2
 %systemd_trigger %{name}.service %{name6}.service
 
+%triggerpostun init -- %{name}-init < 1.6.0-1
+%systemd_trigger ebtables.service
+
 %files
 %defattr(644,root,root,755)
 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
@@ -500,9 +511,12 @@ fi
 
 %files init
 %defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/ebtables-config
 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}-config
 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name6}-config
+%attr(754,root,root) /etc/rc.d/init.d/ebtables
 %attr(754,root,root) /etc/rc.d/init.d/iptables
 %attr(754,root,root) /etc/rc.d/init.d/ip6tables
+%{systemdunitdir}/ebtables.service
 %{systemdunitdir}/%{name}.service
 %{systemdunitdir}/%{name6}.service
diff --git a/ebtables-config b/ebtables-config
new file mode 100644
index 0000000..855287b
--- /dev/null
+++ b/ebtables-config
@@ -0,0 +1,37 @@
+# Save (and possibly restore) in text format.
+#   Value: yes|no,  default: yes
+# Save the firewall rules in text format to /etc/sysconfig/ebtables
+# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules
+# is done using this text format.
+EBTABLES_TEXT_FORMAT="yes"
+
+# Save (and restore) in binary format.
+#   Value: yes|no,  default: yes
+# Save (and restore) the firewall rules in binary format to (and from)
+# /etc/sysconfig/ebtables.<chain>. Enabling this option will make
+# firewall initialisation a lot faster.
+EBTABLES_BINARY_FORMAT="yes"
+
+# Unload modules on restart and stop
+#   Value: yes|no,  default: yes
+# This option has to be 'yes' to get to a sane state for a firewall
+# restart or stop. Only set to 'no' if there are problems unloading netfilter
+# modules.
+EBTABLES_MODULES_UNLOAD="no"
+
+# Save current firewall rules on stop.
+#   Value: yes|no,  default: no
+# Saves all firewall rules if firewall gets stopped
+# (e.g. on system shutdown).
+EBTABLES_SAVE_ON_STOP="no"
+
+# Save current firewall rules on restart.
+#   Value: yes|no,  default: no
+# Saves all firewall rules if firewall gets restarted.
+EBTABLES_SAVE_ON_RESTART="no"
+
+# Save (and restore) rule counters.
+#   Value: yes|no,  default: no
+# Save rule counters when saving a kernel table to a file. If the
+# rule counters were saved, they will be restored when restoring the table.
+EBTABLES_SAVE_COUNTER="no"
diff --git a/ebtables.init b/ebtables.init
new file mode 100755
index 0000000..75bc29a
--- /dev/null
+++ b/ebtables.init
@@ -0,0 +1,138 @@
+#!/bin/sh
+#
+# init script for the Ethernet Bridge filter tables
+#
+# chkconfig: - 15 85
+# description: Ethernet Bridge filtering tables
+#
+# config: /etc/sysconfig/ebtables         (text)
+#         /etc/sysconfig/ebtables.<table> (binary)
+
+EBTABLES_CONFIG=/etc/sysconfig/ebtables
+if [ ! -f $EBTABLES_CONFIG ]; then
+	case "$1" in
+	start|restart|force-reload)
+		exit 0
+	;;
+	esac
+fi
+
+# Source 'em up
+. /etc/rc.d/init.d/functions
+
+#default configuration
+EBTABLES_TEXT_FORMAT="yes"
+EBTABLES_BINARY_FORMAT="yes"
+EBTABLES_SAVE_ON_STOP="no"
+EBTABLES_SAVE_ON_RESTART="no"
+EBTABLES_SAVE_COUNTER="no"
+
+[ -f /etc/sysconfig/ebtables-config ] && . /etc/sysconfig/ebtables-config
+
+if [ "$1" = "--quiet" ]; then
+	shift
+	show() { return 0; }
+	ok() { return 0; }
+	fail() { return 1; }
+fi
+
+start() {
+	# don't do squat if we don't have the config file
+	if [ -f $EBTABLES_CONFIG ]; then
+		show "Starting Ethernet bridge filtering (ebtables)"
+		if is_yes "$EBTABLES_BINARY_FORMAT"; then
+			for table in $(ls /etc/sysconfig/ebtables.* 2>/dev/null | sed -e 's/.*ebtables\.//' -e '/save/d' ); do
+				/usr/sbin/ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table --atomic-commit || RETVAL=1
+			done
+		else
+			/usr/sbin/ebtables-restore < /etc/sysconfig/ebtables || RETVAL=1
+		fi
+
+		if [ $RETVAL -eq 0 ]; then
+			ok
+			touch /var/lock/subsys/ebtables
+		else
+			fail
+		fi
+	fi
+}
+
+stop() {
+	show "Stopping Ethernet bridge filtering (ebtables)"
+	for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do
+		/usr/sbin/ebtables -t $table --init-table || RETVAL=1
+	done
+
+	if [ $RETVAL -eq 0 ]; then
+		ok
+		rm -f /var/lock/subsys/ebtables
+	else
+		fail
+	fi
+}
+
+restart() {
+	stop
+	start
+}
+
+save() {
+	show "Saving Ethernet bridge filtering (ebtables)"
+	if is_yes "$EBTABLES_TEXT_FORMAT"; then
+		if [ -e /etc/sysconfig/ebtables ]; then
+			chmod 0600 /etc/sysconfig/ebtables
+			mv -f /etc/sysconfig/ebtables /etc/sysconfig/ebtables.save
+		fi
+		/usr/sbin/ebtables-save > /etc/sysconfig/ebtables || RETVAL=1
+	fi
+	if is_yes "$EBTABLES_BINARY_FORMAT"; then
+		rm -f /etc/sysconfig/ebtables.*.save
+		for oldtable in $(ls /etc/sysconfif/ebtables.* 2>/dev/null | grep -vF 'ebtables.save'); do
+			chmod 0600 $oldtable
+			mv -f $oldtable $oldtable.save
+		done
+		for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do
+			/usr/sbin/ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table --atomic-save || RETVAL=1
+			if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
+				/usr/sbin/ebtables -t $table --atomic-file /etc/sysconfig/ebtables.$table -Z || RETVAL=1
+			fi
+		done
+	fi
+
+	if [ $RETVAL -eq 0 ]; then
+		ok
+	else
+		fail
+	fi
+}
+
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	is_yes "$EBTABLES_SAVE_ON_STOP" && save
+	stop
+	;;
+  restart|reload)
+	is_yes "$EBTABLES_SAVE_ON_RESTART" && save
+	restart
+	;;
+  condrestart)
+	[ -e /var/lock/subsys/ebtables ] && restart
+	RETVAL=$?
+	;;
+  save)
+	save
+	;;
+  status)
+	for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do
+		/usr/sbin/ebtables -t $table --list
+	done
+	;;
+  *)
+	echo $"Usage $0 {start|stop|restart|condrestart|save|status}"
+	RETVAL=1
+esac
+
+exit $RETVAL
diff --git a/ebtables.service b/ebtables.service
new file mode 100644
index 0000000..4bf63f3
--- /dev/null
+++ b/ebtables.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Ethernet Bridge filter tables
+After=syslog.target
+ConditionPathExists=/etc/sysconfig/ebtables-config
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/rc.d/init.d/ebtables --quiet start
+ExecStop=/etc/rc.d/init.d/ebtables --quiet stop
+StandardOutput=syslog
+StandardError=syslog
+
+[Install]
+WantedBy=basic.target
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/iptables.git/commitdiff/72bb90f622b756025958bda31f9bc33719436545

More information about the pld-cvs-commit mailing list