From 7b5f9c034d41ae1b5e92ad58cc4ab4f985de56de Mon Sep 17 00:00:00 2001 From: Alex Denes Date: Sun, 14 Feb 2021 03:36:46 +0000 Subject: [PATCH] Fix a few things with the dependency chain --- openrc/ipset/APKBUILD | 6 +- openrc/ipset/runfile | 4 - openrc/iptables/APKBUILD | 14 ++- openrc/iptables/{runfile-4 => runfile} | 2 +- openrc/iptables/runfile-6 | 132 ------------------------- 5 files changed, 10 insertions(+), 148 deletions(-) rename openrc/iptables/{runfile-4 => runfile} (99%) delete mode 100644 openrc/iptables/runfile-6 diff --git a/openrc/ipset/APKBUILD b/openrc/ipset/APKBUILD index a5c6302..2d78452 100644 --- a/openrc/ipset/APKBUILD +++ b/openrc/ipset/APKBUILD @@ -5,8 +5,8 @@ _grpname=firewall . ../APKBUILD-openrc.common -pkgver=2021.01.28 -pkgrel=1 +pkgver=2021.02.14 +pkgrel=0 -sha512sums="6dc3532dbd408f20b1327c711a4b8c220df1c00d69c07a5368b5da83d591f24002745e4d128b0152a41e6edc9d70a86fc43cd01089e9d0f3deea3997cd07a435 runfile +sha512sums="5d48fbdb78197344eb43d89d302f5ae558ff736a29cbf63a1723837662dafd6dcd2071015f9d2c2c979b9b4d383476972049f1d5f04d7d810e522a8697686e07 runfile da4d6b72a8e7114d44903a46455642f69ac44a51e0bf0b7bafc8b469398419128bba830c1e5c0759618784f301d07c220be98fa01eb1d3ffe72bc36768aa3472 conffile" diff --git a/openrc/ipset/runfile b/openrc/ipset/runfile index f1c8d85..bb442dd 100644 --- a/openrc/ipset/runfile +++ b/openrc/ipset/runfile @@ -38,10 +38,6 @@ sets() { } -depend() { - before iptables ip6tables -} - start() { reload } diff --git a/openrc/iptables/APKBUILD b/openrc/iptables/APKBUILD index cb3ca73..6f4437c 100644 --- a/openrc/iptables/APKBUILD +++ b/openrc/iptables/APKBUILD @@ -5,11 +5,10 @@ _grpname=firewall . ../APKBUILD-openrc.common -pkgver=2021.01.26 -pkgrel=3 +pkgver=2021.02.14 +pkgrel=0 source=" - runfile-4 - runfile-6 + runfile conffile-4 conffile-6 " 
@@ -19,13 +18,12 @@ package() { openrc_rx_add_to_runlevel "$pkgdir" "iptables.redxen" openrc_rx_add_to_runlevel "$pkgdir" "ip6tables.redxen" - openrc_rx_install_runfile "$pkgdir" "runfile-4" "iptables.redxen" - openrc_rx_install_runfile "$pkgdir" "runfile-6" "ip6tables.redxen" + openrc_rx_install_runfile "$pkgdir" "runfile" "iptables.redxen" + openrc_rx_install_runfile "$pkgdir" "runfile" "ip6tables.redxen" openrc_rx_install_conffile "$pkgdir" "conffile-4" "iptables.redxen" openrc_rx_install_conffile "$pkgdir" "conffile-6" "ip6tables.redxen" } -sha512sums="5345c1607fd90f08db81e20466ad4169461ed8a711689567e0534a4d1afbf115cf7d0420d39c7ed3ce688387ce31cb8b0092955c9022c40e0ddb82dc7ab1b620 runfile-4 -5345c1607fd90f08db81e20466ad4169461ed8a711689567e0534a4d1afbf115cf7d0420d39c7ed3ce688387ce31cb8b0092955c9022c40e0ddb82dc7ab1b620 runfile-6 +sha512sums="06942c49589a810bf6418ea718d6775e9400899fb52c4097df4590cf2764252de6230710b3682157c1ff15d781919265772869d33cd45234a1b4649ac29343fb runfile 9673f6611a4bfdc27fd4f6759331ce6696d688950c98cc8017ac396e9c26b2036c46108c2ea7f5d631d0dd67f79552e3713b973a752f2c47c8e4178f3d16da9a conffile-4 02ce6849b1f9723f97bba57682ad3f3aebe9e80ee89cf0f324c69bc753654a8e6693804c4462b848945f0b50752378b4c3b7c4a95c1ce81406b37288968aaa1b conffile-6" diff --git a/openrc/iptables/runfile-4 b/openrc/iptables/runfile similarity index 99% rename from openrc/iptables/runfile-4 rename to openrc/iptables/runfile index 9e16553..2b92f4d 100644 --- a/openrc/iptables/runfile-4 +++ b/openrc/iptables/runfile @@ -25,7 +25,7 @@ esac depend() { before net - after sysctl + after sysctl ipset.redxen use logger provide firewall } diff --git a/openrc/iptables/runfile-6 b/openrc/iptables/runfile-6 deleted file mode 100644 index 9e16553..0000000 --- a/openrc/iptables/runfile-6 +++ /dev/null 
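Review bot: In `depend()` of openrc/iptables/runfile, `after sysctl ipset.redxen` only orders the two services when both are already scheduled; it does not pull ipset.redxen in, and it does not stop the firewall from starting when the sets failed to load. If the saved rules reference sets (not visible in this patch), the `${iptables_bin}-restore` call in `start()` would likely fail. Because `before net` is also ordering-only, networking could then come up with no rules loaded. Consider adding `use ipset.redxen` (or `need ipset.redxen` on hosts whose rules depend on sets) alongside the `after` line, with a comment such as `# sets must exist before iptables-restore resolves set matches`. `depend()` is fully inside the hunk; `start()` lies outside it, so that part is inferred from the identical runfile-6 copy deleted in this commit.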
@@ -1,132 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.11.init,v 1.2 2011/12/04 10:15:59 swegener Exp $
-
-description="IPv4/IPv6 packet filtering and NAT"
-description_save="Save firewall state"
-description_panic="Drop all packets"
-description_reload="Reload configuration"
-
-extra_commands="save panic"
-extra_started_commands="reload"
-
-iptables_name="${SVCNAME%%.*}"
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
- iptables) iptables_proc="/proc/net/ip_tables_names"
- iptables_save=${IPTABLES_SAVE}
- sysctl_ipfwd=net.ipv4.ip_forward;;
- ip6tables) iptables_proc="/proc/net/ip6_tables_names"
- iptables_save=${IP6TABLES_SAVE}
- sysctl_ipfwd=net.ipv6.conf.all.forwarding;;
-esac
-
-depend() {
- before net
- after sysctl
- use logger
- provide firewall
-}
-
-set_table_policy() {
- local chains table=$1 policy=$2
- case ${table} in
- nat) chains="PREROUTING POSTROUTING OUTPUT";;
- mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
- filter) chains="INPUT FORWARD OUTPUT";;
- *) chains="";;
- esac
- local chain
- for chain in ${chains} ; do
- ${iptables_bin} -t ${table} -P ${chain} ${policy}
- done
-}
-
-checkkernel() {
- if [ ! -e ${iptables_proc} ] ; then
- eerror "Your kernel lacks ${iptables_name} support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
-}
-checkconfig() {
- if [ ! -f ${iptables_save} ] ; then
- eerror "Not starting ${iptables_name}. First create some rules then run:"
- eerror "/etc/init.d/${iptables_name} save"
- return 1
- fi
- return 0
-}
-
-start() {
- checkconfig || return 1
- ebegin "Loading ${iptables_name} state and starting firewall"
- ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
- eend $?
- if yesno "${IPFORWARD}"; then
- ebegin "Enabling forwarding"
- /sbin/sysctl -w ${sysctl_ipfwd}=1 > /dev/null
- eend $?
- fi
-}
-
-stop() {
- if yesno "${IPFORWARD}"; then
- ebegin "Disabling forwarding"
- /sbin/sysctl -w ${sysctl_ipfwd}=0 > /dev/null
- eend $?
- fi
- if yesno "${SAVE_ON_STOP}"; then
- save || return 1
- fi
- checkkernel || return 1
- ebegin "Stopping firewall"
- local a
- for a in $(cat ${iptables_proc}) ; do
- set_table_policy $a ACCEPT
-
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
- done
- eend $?
-}
-
-reload() {
- checkkernel || return 1
- ebegin "Flushing firewall"
- local a
- for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
- done
- eend $?
-
- start
-}
-
-save() {
- ebegin "Saving ${iptables_name} state"
- checkpath -fm 0600 "${iptables_save}"
- ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
- eend $?
-}
-
-panic() {
- checkkernel || return 1
- if service_started ${iptables_name}; then
- rc-service ${iptables_name} stop
- fi
-
- local a
- ebegin "Dropping all packets"
- for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
-
- set_table_policy $a DROP
- done
- eend $?
-}