From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alexander Dahl
Date: Tue, 10 Apr 2018 08:57:01 +0200
Message-ID: <6513165.U8Eh4E8lWP@ada>
In-Reply-To: <20180409083056.lj4ad22armucmoms@pengutronix.de>
References: <20180406090730.2055-1-ada@thorsis.com> <20180406090730.2055-6-ada@thorsis.com> <20180409083056.lj4ad22armucmoms@pengutronix.de>
Content-Type: multipart/mixed; boundary="nextPart3457444.60iDLuVVEn"
Content-Transfer-Encoding: 7Bit
Subject: Re: [ptxdist] [PATCH v2 5/5] nftables: Add bbinit startscript
List-Id: PTXdist Development Mailing List
Reply-To: ptxdist@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist"
To: ptxdist@pengutronix.de
Cc: Michael Olbrich

This is a multi-part message in MIME format.

--nextPart3457444.60iDLuVVEn
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

Hello Michael,

On Monday, 9 April 2018, 10:30:56 CEST, Michael Olbrich wrote:
> This patch does not apply. I'm not sure why:
> [...]
> error: sha1 information is lacking or useless (rules/nftables.in).
> error: could not build fake ancestor
> [...]

I tried to apply the series from the mails by myself on two systems and got no error. Strange.

> Please resend. Maybe as an attachment.

I attach it to this mail. You may need to apply other patches of this series first?

Greets
Alex

--nextPart3457444.60iDLuVVEn
Content-Disposition: attachment; filename="v2-0005-nftables-Add-bbinit-startscript.patch"
Content-Transfer-Encoding: 7Bit
Content-Type: text/x-patch; charset="UTF-8"; name="v2-0005-nftables-Add-bbinit-startscript.patch"

>From 29a2513f241e3be9428d20756ac2929c764b4115 Mon Sep 17 00:00:00 2001
From: Alexander Dahl
Date: Fri, 6 Apr 2018 11:00:46 +0200
Subject: [PATCH v2 5/5] nftables: Add bbinit startscript

For loading your packet filter rules on system startup.

Signed-off-by: Alexander Dahl --- projectroot/etc/init.d/nftables | 103 ++++++++++++++++++++++++++++++++++++++++ rules/nftables-bbinit.in | 9 ++++ rules/nftables.in | 4 ++ rules/nftables.make | 11 +++++ 4 files changed, 127 insertions(+) create mode 100644 projectroot/etc/init.d/nftables create mode 100644 rules/nftables-bbinit.in diff --git a/projectroot/etc/init.d/nftables b/projectroot/etc/init.d/nftables new file mode 100644 index 0000000000..c10db5d901 --- /dev/null +++ b/projectroot/etc/init.d/nftables 
@@ -0,0 +1,103 @@ +#!/bin/sh + +# Author: Arturo Borrero Gonzalez +# Adapted by: Alexander Dahl + +# Do NOT "set -e" + +CONF=/etc/nftables.conf + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="firewall service" +NAME=nftables +BIN=/usr/sbin/nft +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$BIN" ] || exit 0 + +do_start() +{ + # Return + # 0 if start OK + # 2 if start NOK + + # nft v0.4 return 0 if ENOENT $CONF + if [ ! -r "$CONF" ] ; then + echo "E: No such $NAME $DESC config file $CONF" >&2 + return 2 + fi + + $BIN -f $CONF || return 2 +} + +do_stop() +{ + # Return + # 0 if stopped + # 1 if already stopped + # 2 if could not be stopped + if ! do_status ; then + $BIN flush ruleset || return 2 + fi +} + +do_status() +{ + # Return + # 0 if no rules + # 1 if rules + if [ "$($BIN list ruleset 2>/dev/null | wc -l)" = "0" ] ; then + return 0 + fi + + return 1 +} + +case "$1" in + start) + echo -n "Starting $DESC ..." + do_start + ret="$?" + case "$ret" in + 0|1) echo " Done." ;; + 2) echo " Failed." ;; + esac + exit $ret + ;; + restart|force-reload) + echo -n "Restarting $DESC ..." + do_start + ret="$?" + case "$ret" in + 0|1) echo " Done." ;; + 2) echo " Failed." ;; + esac + exit $ret + ;; + stop) + echo -n "Stopping $DESC ..." + do_stop + ret="$?" + case "$ret" in + 0|1) echo " Done." ;; + 2) echo " Failed." ;; + esac + exit $ret + ;; + status) + if ! do_status ; then + echo "Status of ${DESC}: rules loaded" + exit 0 + else + echo "Status of ${DESC}: no rules loaded" + exit 1 + fi + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/rules/nftables-bbinit.in b/rules/nftables-bbinit.in new file mode 100644 index 0000000000..84234c9761 --- /dev/null +++ b/rules/nftables-bbinit.in @@ -0,0 +1,9 @@ +## SECTION=initmethod_bbinit + +config NFTABLES_BBINIT_LINK + depends on NFTABLES_STARTSCRIPT + string + prompt "nftables" + default "S24nftables" + +# vim: ft=kconfig noet tw=72 
diff --git a/rules/nftables.in b/rules/nftables.in index be7fca1fa0..2b35741b7d 100644 --- a/rules/nftables.in +++ b/rules/nftables.in @@ -31,6 +31,10 @@ config NFTABLES_MGMP use the nftables build-in mini-GMP instead of linking to the shared libgmp. (may reduce debugging verbosity on some files) +config NFTABLES_STARTSCRIPT + bool + prompt "install /etc/init.d/nftables" + endif # vim: ft=kconfig noet tw=72 diff --git a/rules/nftables.make b/rules/nftables.make index 6c978aa21c..c7d704612e 100644 --- a/rules/nftables.make +++ b/rules/nftables.make @@ -58,6 +58,17 @@ $(STATEDIR)/nftables.targetinstall: @$(call install_copy, nftables, 0, 0, 0755, -, /usr/sbin/nft) @$(call install_alternative, nftables, 0, 0, 0755, /etc/nftables.conf) +ifdef PTXCONF_INITMETHOD_BBINIT +ifdef PTXCONF_NFTABLES_STARTSCRIPT + @$(call install_alternative, nftables, 0, 0, 0755, /etc/init.d/nftables) + +ifneq ($(call remove_quotes,$(PTXCONF_NFTABLES_BBINIT_LINK)),) + @$(call install_link, nftables, ../init.d/nftables, \ + /etc/rc.d/$(PTXCONF_NFTABLES_BBINIT_LINK)) +endif +endif +endif + @$(call install_finish, nftables) @$(call touch) -- 2.11.0 --nextPart3457444.60iDLuVVEn Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KcHR4ZGlzdCBt YWlsaW5nIGxpc3QKcHR4ZGlzdEBwZW5ndXRyb25peC5kZQ== --nextPart3457444.60iDLuVVEn--
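
Review bot: In projectroot/etc/init.d/nftables, the restart|force-reload branch calls only do_start, so it runs nft -f $CONF on top of whatever ruleset is already loaded. Unless /etc/nftables.conf itself begins with flush ruleset, each restart appends the same rules again. Either document in a comment that the config file must start with flush ruleset (which keeps the reload inside one nft -f transaction), or flush explicitly before loading. Smaller points in the same file: do_stop documents a return value of 1 for "already stopped" but no path returns 1, and $CONF is unquoted in $BIN -f $CONF.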
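
Review bot: In rules/nftables-bbinit.in, NFTABLES_BBINIT_LINK defaults to "S24nftables" with no help text or comment explaining the number. The link name decides when the ruleset is loaded relative to the scripts that bring up networking, so please add a line stating the intended ordering, so that someone who changes the link name knows whether interfaces can come up before the packet filter is in place.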
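
Review bot: In rules/nftables.in, NFTABLES_STARTSCRIPT has no help text and no dependency on the bbinit init method, while the rules/nftables.make hunk installs the script only inside ifdef PTXCONF_INITMETHOD_BBINIT. With any other init method the option can be selected and silently does nothing, which leaves the target without rule loading at boot although the menu suggests otherwise. Consider adding depends on INITMETHOD_BBINIT, or at least a help line stating the limitation.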