Hei hei, On Wed, Apr 03, 2019 at 02:12:04PM +0000, Baeuerle, Florian wrote: > Allow installing a systemd unit for loading the nftables configuration > file. The systemd unit is taken from Arch Linux. > > Signed-off-by: Florian Bäuerle Looks good, not tested however. Acked-by: Alexander Dahl > --- > .../usr/lib/systemd/system/nftables.service | 15 +++++++++++++++ > rules/nftables.in | 6 ++++++ > rules/nftables.make | 6 ++++++ > 3 files changed, 27 insertions(+) > create mode 100644 projectroot/usr/lib/systemd/system/nftables.service > > diff --git a/projectroot/usr/lib/systemd/system/nftables.service b/projectroot/usr/lib/systemd/system/nftables.service > new file mode 100644 > index 000000000..16f390d6a > --- /dev/null > +++ b/projectroot/usr/lib/systemd/system/nftables.service > @@ -0,0 +1,15 @@ > +[Unit] > +Description=Netfilter Tables > +Documentation=man:nft(8) > +Wants=network-pre.target > +Before=network-pre.target > + > +[Service] > +Type=oneshot > +ExecStart=/usr/sbin/nft -f /etc/nftables.conf > +ExecReload=/usr/sbin/nft flush ruleset ';' include '"/etc/nftables.conf"' > +ExecStop=/usr/sbin/nft flush ruleset > +RemainAfterExit=yes > + > +[Install] > +WantedBy=multi-user.target > diff --git a/rules/nftables.in b/rules/nftables.in > index aafd7cdd6..089f68d2e 100644 > --- a/rules/nftables.in > +++ b/rules/nftables.in > @@ -36,4 +36,10 @@ config NFTABLES_STARTSCRIPT > bool > prompt "install /etc/init.d/nftables" > > +config NFTABLES_SYSTEMD_UNIT > + bool > + default y > + depends on INITMETHOD_SYSTEMD > + prompt "install systemd unit file for nftables" > + > endif > diff --git a/rules/nftables.make b/rules/nftables.make > index 4a95694ad..15368f965 100644 > --- a/rules/nftables.make > +++ b/rules/nftables.make 
> @@ -69,6 +69,12 @@ endif > endif > endif > > +ifdef PTXCONF_NFTABLES_SYSTEMD_UNIT > + @$(call install_alternative, nftables, 0, 0, 0644, /usr/lib/systemd/system/nftables.service) > + @$(call install_link, nftables, ../nftables.service, \ > + /usr/lib/systemd/system/multi-user.target.wants/nftables.service) > +endif > + > @$(call install_finish, nftables) > > @$(call touch) > -- > 2.21.0 > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de -- /"\ ASCII RIBBON | »With the first link, the chain is forged. The first \ / CAMPAIGN | speech censured, the first thought forbidden, the X AGAINST | first freedom denied, chains us all irrevocably.« / \ HTML MAIL | (Jean-Luc Picard, quoting Judge Aaron Satie)
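Review bot: In the [Service] section of nftables.service, ExecStop=/usr/sbin/nft flush ruleset means that stopping the unit, or a restart whose ExecStart then fails on a broken /etc/nftables.conf, leaves the target with an empty ruleset and no filtering. ExecReload does the flush and the include in a single nft invocation, so it is the safer way to apply a changed file. I would either document that reload is the intended way to apply changes, or reconsider whether ExecStop should flush at all on an embedded target.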
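Review bot: The new NFTABLES_SYSTEMD_UNIT entry in rules/nftables.in has no help text, and with "default y" it is switched on for every configuration that has INITMETHOD_SYSTEMD set. Please add a help section saying that the unit loads /etc/nftables.conf before network-pre.target and flushes the ruleset on stop, so that whoever sees the option enabled by default knows what it does to the firewall state at boot and on shutdown.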
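Review bot: The ifdef PTXCONF_NFTABLES_SYSTEMD_UNIT block in rules/nftables.make installs the unit and its multi-user.target.wants link, but the lines shown do not install /etc/nftables.conf, which ExecStart reads. If no other part of nftables.make provides that file, the unit fails at boot and the system comes up without any rules loaded. It would be worth either installing a default file with install_alternative in the same block or stating in the option's help that the BSP must supply one.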