From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mout.kundenserver.de ([217.72.192.75]) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1hBjE5-0006Ne-Ez for ptxdist@pengutronix.de; Wed, 03 Apr 2019 18:59:02 +0200 Date: Wed, 3 Apr 2019 18:58:41 +0200 From: Alexander Dahl Message-ID: <20190403165841.nhd7uyk7dxdbymdq@falbala.home.lespocky.de> References: <20190403141142.3743-1-florian.baeuerle@allegion.com> MIME-Version: 1.0 In-Reply-To: <20190403141142.3743-1-florian.baeuerle@allegion.com> Subject: Re: [ptxdist] [PATCH] nftables: add option for installing systemd unit List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: multipart/mixed; boundary="===============0927246876==" Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Florian =?iso-8859-1?Q?B=E4uerle?= --===============0927246876== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="7yepufeftpmuzg4y" Content-Disposition: inline --7yepufeftpmuzg4y Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hei hei, On Wed, Apr 03, 2019 at 02:12:04PM +0000, Baeuerle, Florian wrote: > Allow installing a systemd unit for loading the nftables configuration > file. The systemd unit is taken from Arch Linux. >=20 > Signed-off-by: Florian B=E4uerle Looks good, not tested however. Acked-by: Alexander Dahl > --- > .../usr/lib/systemd/system/nftables.service | 15 +++++++++++++++ > rules/nftables.in | 6 ++++++ > rules/nftables.make | 6 ++++++ > 3 files changed, 27 insertions(+) > create mode 100644 projectroot/usr/lib/systemd/system/nftables.service >=20 > diff --git a/projectroot/usr/lib/systemd/system/nftables.service b/projec= troot/usr/lib/systemd/system/nftables.service > new file mode 100644 > index 000000000..16f390d6a > --- /dev/null > +++ b/projectroot/usr/lib/systemd/system/nftables.service > @@ -0,0 +1,15 @@ > +[Unit] > +Description=3DNetfilter Tables > +Documentation=3Dman:nft(8) > +Wants=3Dnetwork-pre.target > +Before=3Dnetwork-pre.target > + > +[Service] > +Type=3Doneshot > +ExecStart=3D/usr/sbin/nft -f /etc/nftables.conf > +ExecReload=3D/usr/sbin/nft flush ruleset ';' include '"/etc/nftables.con= f"' > +ExecStop=3D/usr/sbin/nft flush ruleset > +RemainAfterExit=3Dyes > + > +[Install] > +WantedBy=3Dmulti-user.target > diff --git a/rules/nftables.in b/rules/nftables.in > index aafd7cdd6..089f68d2e 100644 > --- a/rules/nftables.in > +++ b/rules/nftables.in > @@ -36,4 +36,10 @@ config NFTABLES_STARTSCRIPT > bool > prompt "install /etc/init.d/nftables" > =20 > +config NFTABLES_SYSTEMD_UNIT > + bool > + default y > + depends on INITMETHOD_SYSTEMD > + prompt "install systemd unit file for nftables" > + > endif > diff --git a/rules/nftables.make b/rules/nftables.make > index 4a95694ad..15368f965 100644 > --- a/rules/nftables.make > +++ b/rules/nftables.make > @@ -69,6 +69,12 @@ endif > endif > endif > =20 > +ifdef PTXCONF_NFTABLES_SYSTEMD_UNIT > + @$(call install_alternative, nftables, 0, 0, 0644, /usr/lib/systemd/sys= tem/nftables.service) > + @$(call install_link, nftables, ../nftables.service, \ > + /usr/lib/systemd/system/multi-user.target.wants/nftables.service) > +endif > + > @$(call install_finish, nftables) > =20 > @$(call touch) > --=20 > 2.21.0 >=20 > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de --=20 /"\ ASCII RIBBON | =BBWith the first link, the chain is forged. The first \ / CAMPAIGN | speech censured, the first thought forbidden, the X AGAINST | first freedom denied, chains us all irrevocably.=AB / \ HTML MAIL | (Jean-Luc Picard, quoting Judge Aaron Satie) --7yepufeftpmuzg4y Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEwo7muQJjlc+Prwj6NK3NAHIhXMYFAlyk5j0ACgkQNK3NAHIh XMaSCQ/+O8gkY5PsYz6NwZQVGQOUFRvrVOGLEiQzZoZqggaDQyrCEE0mVDNoYG1U /P0hj3ylrX9knrpgSFLUZ7NoCeCdzBkwhiW84wDxPe3RspEI4mhUiA16NcRgrUhe 6V46L+e+nfa2PtYiG9uJP+6MHcuxipVlKhCA/zkePOFO1ZelJa8+Nf4FbbZTJdsu MMWnjISAt1Kak5Gbh+WbyCeh2d+/PfZfv4WI1w7ZVE0KTb0Aip3LwBCh+N2sK/yL g7VIeZouRBIC7+Ra7dhqVV7oDu+Ia1MuPUeAzvZJ3A9hFVQXiMvyw2Fv/PlxpJlN fpDYhMCwVl6Mn49kl9OjYpGnuKDp06e4Z/uFIuwDgdgxdkIaDXTiDYdK4Z9vwOJo WtmyYP+4Cvvb40tiLml4jZGJTWsJdpNr/xpB8MASDfD7QcxQCkiJ55CuOOe3mMaq IS+NkII9C85VDIn4F1Swkigq9YCBEWKHbc3UrEkhUTUYxbPsZu/z1NlqnAsmWk46 vLfmoclU0Iewq67i6piP07ZWNt6trlkMzkHLlHCT990saTPo7gSsqYblX34lkL+o zxI64OQTrkpW7ajtqTHqbXuNxSvl8dlu6866O/q/VQJiEPCWa3uMq+FDc+drphow xcNY2QkDEZDpF8AdMdy80dUkWKq2W5HIj6PMFzMstpgzsll/qf8= =BKiH -----END PGP SIGNATURE----- --7yepufeftpmuzg4y-- --===============0927246876== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KcHR4ZGlzdCBt YWlsaW5nIGxpc3QKcHR4ZGlzdEBwZW5ndXRyb25peC5kZQ== --===============0927246876==--