
From: Ian Delaney <idella4@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/
Date: Tue, 03 Nov 2015 08:42:42
Message-Id: 1446531082.bbee7c12baa2b1d85c23f83f2ec18ac535179f43.idella4@gentoo
1 commit: bbee7c12baa2b1d85c23f83f2ec18ac535179f43
2 Author: Nicholas Vinson <nvinson234 <AT> gmail <DOT> com>
3 AuthorDate: Tue Nov 3 06:00:22 2015 +0000
4 Commit: Ian Delaney <idella4 <AT> gentoo <DOT> org>
5 CommitDate: Tue Nov 3 06:11:22 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbee7c12
7
8 net-firewall/nftables: update nftables.init to use new libexec/nftables.sh
9
10 Package-Manager: portage-2.2.23
11
12 net-firewall/nftables/files/nftables.init-r2 | 123 +++++++++++++++++++++++++++
13 1 file changed, 123 insertions(+)
14
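diff --git a/net-firewall/nftables/files/nftables.init-r2 b/net-firewall/nftables/files/nftables.init-r2
new file mode 100644
index 0000000..c86d2e3
--- /dev/null
+++ b/net-firewall/nftables/files/nftables.init-r2
@@ -0,0 +1,123 @@
+#!/sbin/runscript
+# Copyright 2014 Nicholas Vinson
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="clear list panic save"
+extra_started_commands="reload"
+depend() {
+ need localmount #434774
+ before net
+}
+
+start_pre() {
+ checkkernel || return 1
+ checkconfig || return 1
+ return 0
+}
+
+clear() {
+ /usr/libexec/nftables/nftables.sh clear || return 1
+ return 0
+}
+
+list() {
+ /usr/libexec/nftables/nftables.sh list || return 1
+ return 0
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${RC_SVCNAME}; then
+ rc-service ${RC_SVCNAME} stop
+ fi
+
+ ebegin "Dropping all packets"
+ clear
+ if nft create table ip filter >/dev/null 2>&1; then
+ nft -f /dev/stdin <<-EOF
+ table ip filter {
+ chain input {
+ type filter hook input priority 0;
+ drop
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ drop
+ }
+ }
+ EOF
+ fi
+ if nft create table ip6 filter >/dev/null 2>&1; then
+ nft -f /dev/stdin <<-EOF
+ table ip6 filter {
+ chain input {
+ type filter hook input priority 0;
+ drop
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ drop
+ }
+ }
+ EOF
+ fi
+}
+
+reload() {
+ checkkernel || return 1
+ ebegin "Flushing firewall"
+ clear
+ start
+}
+
+save() {
+ ebegin "Saving nftables state"
+ checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
+ checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
+ /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE}
+ return $?
+}
+
+start() {
+ ebegin "Loading nftables state and starting firewall"
+ clear
+ /usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE}
+ eend $?
+}
+
+stop() {
+ if yesno ${SAVE_ON_STOP:-yes}; then
+ save || return 1
+ fi
+
+ ebegin "Stopping firewall"
+ clear
+ eend $?
+}
+
+checkconfig() {
+ if [ ! -f ${NFTABLES_SAVE} ]; then
+ eerror "Not starting nftables. First create some rules then run:"
+ eerror "rc-service nftables save"
+ return 1
+ fi
+ return 0
+}
+
+checkkernel() {
+ if ! nft list tables >/dev/null 2>&1; then
+ eerror "Your kernel lacks nftables support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}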
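Review bot: panic() fails open: the result of `clear` under `ebegin "Dropping all packets"` is ignored, each `nft create table` failure is hidden by `>/dev/null 2>&1` and simply skips the block that installs the drop chains, and the ebegin is never closed with `eend`, so a flush or table-creation failure leaves the previous ruleset (or none) in place while the command reports success. For a command whose only job is to block traffic, each step should be checked and the failure surfaced, as sketched below; the same ebegin-without-eend and ignored `clear` result recur in reload(). Separately, checkconfig() tests `[ ! -f ${NFTABLES_SAVE} ]` unquoted, and under POSIX test semantics an unset or empty NFTABLES_SAVE turns it into `[ ! -f ]`, which is false, so the missing-config check passes and start() goes on to call `nftables.sh load` with an empty path. Quoting it as `[ ! -f "${NFTABLES_SAVE}" ]`, matching the quoting save() already uses for the same variable, makes the check fail as intended; the unquoted `store ${NFTABLES_SAVE}` and `load ${NFTABLES_SAVE}` arguments deserve the same treatment.
```shell
	ebegin "Dropping all packets"
	clear || { eend 1 "Could not flush the existing ruleset"; return 1; }
	if ! nft create table ip filter; then
		eend 1 "Could not create table ip filter"
		return 1
	fi
	nft -f /dev/stdin <<-EOF
	# … unchanged: ip filter drop chains …
	EOF
	# … unchanged: ip6 filter table, with the same check on its create …
	eend $?
}
```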