Re: [ptxdist] [PATCH v2 5/5] nftables: Add bbinit startscript

[Alexander Dahl <ada@thorsis.com>]

[-- Attachment #1: Type: text/plain, Size: 490 bytes --]

Hello Michael,

Am Montag, 9. April 2018, 10:30:56 CEST schrieb Michael Olbrich:
> This patch does not apply. I'm not sure why:
> [...]
> error: sha1 information is lacking or useless (rules/nftables.in).
> error: could not build fake ancestor
> [...]

I tried to apply the series from the mails by myself on two systems and got no 
error. Strange.

> Please resent. Maybe as an attachment.

I attach it to this mail. You may need to apply other patches of this series 
first?

Greets
Alex

[-- Attachment #2: v2-0005-nftables-Add-bbinit-startscript.patch --]
[-- Type: text/x-patch, Size: 4479 bytes --]

From 29a2513f241e3be9428d20756ac2929c764b4115 Mon Sep 17 00:00:00 2001
From: Alexander Dahl <ada@thorsis.com>
Date: Fri, 6 Apr 2018 11:00:46 +0200
Subject: [PATCH v2 5/5] nftables: Add bbinit startscript

For loading your packet filter rules on system startup.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 projectroot/etc/init.d/nftables | 103 ++++++++++++++++++++++++++++++++++++++++
 rules/nftables-bbinit.in        |   9 ++++
 rules/nftables.in               |   4 ++
 rules/nftables.make             |  11 +++++
 4 files changed, 127 insertions(+)
 create mode 100644 projectroot/etc/init.d/nftables
 create mode 100644 rules/nftables-bbinit.in

diff --git a/projectroot/etc/init.d/nftables b/projectroot/etc/init.d/nftables
new file mode 100644
index 0000000000..c10db5d901
--- /dev/null
+++ b/projectroot/etc/init.d/nftables
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+# Author: Arturo Borrero Gonzalez <arturo@debian.org>
+# Adapted by: Alexander Dahl <ada@thorsis.com>
+
+# Do NOT "set -e"
+
+CONF=/etc/nftables.conf
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="firewall service"
+NAME=nftables
+BIN=/usr/sbin/nft
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$BIN" ] || exit 0
+
+do_start()
+{
+    # Return
+    #  0 if start OK
+    #  2 if start NOK
+
+    # nft v0.4 return 0 if ENOENT $CONF
+    if [ ! -r "$CONF" ] ; then
+        echo "E: No such $NAME $DESC config file $CONF" >&2
+        return 2
+    fi
+
+    $BIN -f $CONF || return 2
+}
+
+do_stop()
+{
+    # Return
+    #   0 if stopped
+    #   1 if already stopped
+    #   2 if could not be stopped
+    if ! do_status ; then
+        $BIN flush ruleset || return 2
+    fi
+}
+
+do_status()
+{
+    # Return
+    #   0 if no rules
+    #   1 if rules
+    if [ "$($BIN list ruleset 2>/dev/null | wc -l)" = "0" ] ; then
+        return 0
+    fi
+
+    return 1
+}
+
+case "$1" in
+    start)
+        echo -n "Starting $DESC ..."
+        do_start
+        ret="$?"
+        case "$ret" in
+            0|1)    echo " Done." ;;
+            2)      echo " Failed." ;;
+        esac
+        exit $ret
+        ;;
+    restart|force-reload)
+        echo -n "Restarting $DESC ..."
+        do_start
+        ret="$?"
+        case "$ret" in
+            0|1)    echo " Done." ;;
+            2)      echo " Failed." ;;
+        esac
+        exit $ret
+        ;;
+    stop)
+        echo -n "Stopping $DESC ..."
+        do_stop
+        ret="$?"
+        case "$ret" in
+            0|1)    echo " Done." ;;
+            2)      echo " Failed." ;;
+        esac
+        exit $ret
+        ;;
+    status)
+        if ! do_status ; then
+            echo "Status of ${DESC}: rules loaded"
+            exit 0
+        else
+            echo "Status of ${DESC}: no rules loaded"
+            exit 1
+        fi
+        ;;
+    *)
+        echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+        exit 3
+        ;;
+esac
+
+:
diff --git a/rules/nftables-bbinit.in b/rules/nftables-bbinit.in
new file mode 100644
index 0000000000..84234c9761
--- /dev/null
+++ b/rules/nftables-bbinit.in
@@ -0,0 +1,9 @@
+## SECTION=initmethod_bbinit
+
+config NFTABLES_BBINIT_LINK
+	depends on NFTABLES_STARTSCRIPT
+	string
+	prompt "nftables"
+	default "S24nftables"
+
+# vim: ft=kconfig noet tw=72
diff --git a/rules/nftables.in b/rules/nftables.in
index be7fca1fa0..2b35741b7d 100644
--- a/rules/nftables.in
+++ b/rules/nftables.in
@@ -31,6 +31,10 @@ config NFTABLES_MGMP
 	  use the nftables build-in mini-GMP instead of linking to the shared
 	  libgmp. (may reduce debugging verbosity on some files)
 
+config NFTABLES_STARTSCRIPT
+	bool
+	prompt "install /etc/init.d/nftables"
+
 endif
 
 # vim: ft=kconfig noet tw=72
diff --git a/rules/nftables.make b/rules/nftables.make
index 6c978aa21c..c7d704612e 100644
--- a/rules/nftables.make
+++ b/rules/nftables.make
@@ -58,6 +58,17 @@ $(STATEDIR)/nftables.targetinstall:
 	@$(call install_copy, nftables, 0, 0, 0755, -, /usr/sbin/nft)
 	@$(call install_alternative, nftables, 0, 0, 0755, /etc/nftables.conf)
 
+ifdef PTXCONF_INITMETHOD_BBINIT
+ifdef PTXCONF_NFTABLES_STARTSCRIPT
+	@$(call install_alternative, nftables, 0, 0, 0755, /etc/init.d/nftables)
+
+ifneq ($(call remove_quotes,$(PTXCONF_NFTABLES_BBINIT_LINK)),)
+	@$(call install_link, nftables, ../init.d/nftables, \
+		/etc/rc.d/$(PTXCONF_NFTABLES_BBINIT_LINK))
+endif
+endif
+endif
+
 	@$(call install_finish, nftables)
 
 	@$(call touch)
-- 
2.11.0


[-- Attachment #3: Type: text/plain, Size: 91 bytes --]

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de