From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v2 5/5] nftables: Add bbinit startscript
Date: Mon, 9 Apr 2018 10:30:56 +0200
Message-ID: <20180409083056.lj4ad22armucmoms@pengutronix.de>
In-Reply-To: <20180406090730.2055-6-ada@thorsis.com>
On Fri, Apr 06, 2018 at 11:07:30AM +0200, Alexander Dahl wrote:
> For loading your packet filter rules on system startup.
>
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
This patch does not apply. I'm not sure why:
[...]
error: sha1 information is lacking or useless (rules/nftables.in).
error: could not build fake ancestor
[...]
Please resend. Maybe as an attachment.
Michael
> ---
> projectroot/etc/init.d/nftables | 103 ++++++++++++++++++++++++++++++++++++++++
> rules/nftables-bbinit.in | 9 ++++
> rules/nftables.in | 4 ++
> rules/nftables.make | 11 +++++
> 4 files changed, 127 insertions(+)
> create mode 100644 projectroot/etc/init.d/nftables
> create mode 100644 rules/nftables-bbinit.in
>
> diff --git a/projectroot/etc/init.d/nftables b/projectroot/etc/init.d/nftables
> new file mode 100644
> index 0000000000..c10db5d901
> --- /dev/null
> +++ b/projectroot/etc/init.d/nftables
> @@ -0,0 +1,103 @@
> +#!/bin/sh
> +
> +# Author: Arturo Borrero Gonzalez <arturo@debian.org>
> +# Adapted by: Alexander Dahl <ada@thorsis.com>
> +
> +# Do NOT "set -e"
> +
> +CONF=/etc/nftables.conf
> +
> +PATH=/sbin:/usr/sbin:/bin:/usr/bin
> +DESC="firewall service"
> +NAME=nftables
> +BIN=/usr/sbin/nft
> +SCRIPTNAME=/etc/init.d/$NAME
> +
> +# Exit if the package is not installed
> +[ -x "$BIN" ] || exit 0
> +
> +do_start()
> +{
> + # Return
> + # 0 if start OK
> + # 2 if start NOK
> +
> + # nft v0.4 return 0 if ENOENT $CONF
> + if [ ! -r "$CONF" ] ; then
> + echo "E: No such $NAME $DESC config file $CONF" >&2
> + return 2
> + fi
> +
> + $BIN -f $CONF || return 2
> +}
> +
> +do_stop()
> +{
> + # Return
> + # 0 if stopped
> + # 1 if already stopped
> + # 2 if could not be stopped
> + if ! do_status ; then
> + $BIN flush ruleset || return 2
> + fi
> +}
> +
> +do_status()
> +{
> + # Return
> + # 0 if no rules
> + # 1 if rules
> + if [ "$($BIN list ruleset 2>/dev/null | wc -l)" = "0" ] ; then
> + return 0
> + fi
> +
> + return 1
> +}
> +
> +case "$1" in
> + start)
> + echo -n "Starting $DESC ..."
> + do_start
> + ret="$?"
> + case "$ret" in
> + 0|1) echo " Done." ;;
> + 2) echo " Failed." ;;
> + esac
> + exit $ret
> + ;;
> + restart|force-reload)
> + echo -n "Restarting $DESC ..."
> + do_start
> + ret="$?"
> + case "$ret" in
> + 0|1) echo " Done." ;;
> + 2) echo " Failed." ;;
> + esac
> + exit $ret
> + ;;
> + stop)
> + echo -n "Stopping $DESC ..."
> + do_stop
> + ret="$?"
> + case "$ret" in
> + 0|1) echo " Done." ;;
> + 2) echo " Failed." ;;
> + esac
> + exit $ret
> + ;;
> + status)
> + if ! do_status ; then
> + echo "Status of ${DESC}: rules loaded"
> + exit 0
> + else
> + echo "Status of ${DESC}: no rules loaded"
> + exit 1
> + fi
> + ;;
> + *)
> + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
> + exit 3
> + ;;
> +esac
> +
> +:
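Review bot: the restart|force-reload branch only calls do_start, so `$BIN -f $CONF` is loaded on top of whatever ruleset is already active; unless /etc/nftables.conf itself begins with `flush ruleset` (not visible in this patch), every restart appends the same rules again. Preferably require the config to start with a flush, so the replacement happens in one transaction, and say so in a comment next to do_start. Smaller points in the same file: do_status throws away nft's stderr and only counts lines, so a failing `nft list ruleset` is reported as "no rules loaded"; do_stop documents a return value of 1 that no code path produces; and `$CONF` in the `$BIN -f $CONF` call should be quoted as it is in the `[ ! -r "$CONF" ]` test.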
> diff --git a/rules/nftables-bbinit.in b/rules/nftables-bbinit.in
> new file mode 100644
> index 0000000000..84234c9761
> --- /dev/null
> +++ b/rules/nftables-bbinit.in
> @@ -0,0 +1,9 @@
> +## SECTION=initmethod_bbinit
> +
> +config NFTABLES_BBINIT_LINK
> + depends on NFTABLES_STARTSCRIPT
> + string
> + prompt "nftables"
> + default "S24nftables"
> +
> +# vim: ft=kconfig noet tw=72
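Review bot: the default "S24nftables" decides where in the boot sequence the ruleset gets loaded, but nothing in this file says how that relates to the link that brings up the network interfaces. Please confirm that S24 sorts before networking, so that no interface is up without the filter in place, and add a short `help` text that records this ordering requirement for anyone who changes the link name.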
> diff --git a/rules/nftables.in b/rules/nftables.in
> index be7fca1fa0..2b35741b7d 100644
> --- a/rules/nftables.in
> +++ b/rules/nftables.in
> @@ -31,6 +31,10 @@ config NFTABLES_MGMP
> use the nftables build-in mini-GMP instead of linking to the shared
> libgmp. (may reduce debugging verbosity on some files)
>
> +config NFTABLES_STARTSCRIPT
> + bool
> + prompt "install /etc/init.d/nftables"
> +
> endif
>
> # vim: ft=kconfig noet tw=72
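Review bot: NFTABLES_STARTSCRIPT has no `help` text and, being a bool without a `default`, stays off unless someone selects it, while the context lines in rules/nftables.make show /etc/nftables.conf being installed regardless. A BSP can therefore ship a ruleset file that nothing loads at boot. Please add a `help` entry stating that this script is what applies /etc/nftables.conf at startup, and consider whether the option should default to on when a config file is installed.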
> diff --git a/rules/nftables.make b/rules/nftables.make
> index 6c978aa21c..c7d704612e 100644
> --- a/rules/nftables.make
> +++ b/rules/nftables.make
> @@ -58,6 +58,17 @@ $(STATEDIR)/nftables.targetinstall:
> @$(call install_copy, nftables, 0, 0, 0755, -, /usr/sbin/nft)
> @$(call install_alternative, nftables, 0, 0, 0755, /etc/nftables.conf)
>
> +ifdef PTXCONF_INITMETHOD_BBINIT
> +ifdef PTXCONF_NFTABLES_STARTSCRIPT
> + @$(call install_alternative, nftables, 0, 0, 0755, /etc/init.d/nftables)
> +
> +ifneq ($(call remove_quotes,$(PTXCONF_NFTABLES_BBINIT_LINK)),)
> + @$(call install_link, nftables, ../init.d/nftables, \
> + /etc/rc.d/$(PTXCONF_NFTABLES_BBINIT_LINK))
> +endif
> +endif
> +endif
> +
> @$(call install_finish, nftables)
>
> @$(call touch)
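Review bot: the outer `ifdef PTXCONF_INITMETHOD_BBINIT` means that selecting NFTABLES_STARTSCRIPT under any other init method installs nothing, without any hint at configuration time, because the Kconfig entry in rules/nftables.in carries no matching dependency. Either add `depends on INITMETHOD_BBINIT` to NFTABLES_STARTSCRIPT or drop the outer guard here so that the script is installed whenever the option is set and only the rc.d link stays bbinit-specific.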
> --
> 2.11.0
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |