authorAlexander Dahl <ada@thorsis.com>2018-04-06 11:00:46 +0200
committerMichael Olbrich <m.olbrich@pengutronix.de>2018-04-10 10:39:48 +0200
commit518b1a4cd2b96bdd9c754e20e9a45672267d50ba (patch)
treef55a551f03013751aef590a3bc2a9763bb200caf /projectroot
parentc951bf3775a3b65c28e661f91a40d57e40bc2640 (diff)
downloadptxdist-518b1a4cd2b96bdd9c754e20e9a45672267d50ba.tar.gz
ptxdist-518b1a4cd2b96bdd9c754e20e9a45672267d50ba.tar.xz
nftables: Add bbinit startscript
For loading your packet filter rules on system startup. Signed-off-by: Alexander Dahl <ada@thorsis.com>
Diffstat (limited to 'projectroot')
-rw-r--r--projectroot/etc/init.d/nftables103
1 files changed, 103 insertions, 0 deletions
diff --git a/projectroot/etc/init.d/nftables b/projectroot/etc/init.d/nftables
new file mode 100644
index 000000000..c10db5d90
--- /dev/null
+++ b/projectroot/etc/init.d/nftables
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+# Author: Arturo Borrero Gonzalez <arturo@debian.org>
+# Adapted by: Alexander Dahl <ada@thorsis.com>
+
+# Do NOT "set -e"
+
+CONF=/etc/nftables.conf
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="firewall service"
+NAME=nftables
+BIN=/usr/sbin/nft
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$BIN" ] || exit 0
+
+do_start()
+{
+ # Return
+ # 0 if start OK
+ # 2 if start NOK
+
+ # nft v0.4 return 0 if ENOENT $CONF
+ if [ ! -r "$CONF" ] ; then
+ echo "E: No such $NAME $DESC config file $CONF" >&2
+ return 2
+ fi
+
+ $BIN -f $CONF || return 2
+}
+
+do_stop()
+{
+ # Return
+ # 0 if stopped
+ # 1 if already stopped
+ # 2 if could not be stopped
+ if ! do_status ; then
+ $BIN flush ruleset || return 2
+ fi
+}
+
+do_status()
+{
+ # Return
+ # 0 if no rules
+ # 1 if rules
+ if [ "$($BIN list ruleset 2>/dev/null | wc -l)" = "0" ] ; then
+ return 0
+ fi
+
+ return 1
+}
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC ..."
+ do_start
+ ret="$?"
+ case "$ret" in
+ 0|1) echo " Done." ;;
+ 2) echo " Failed." ;;
+ esac
+ exit $ret
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC ..."
+ do_start
+ ret="$?"
+ case "$ret" in
+ 0|1) echo " Done." ;;
+ 2) echo " Failed." ;;
+ esac
+ exit $ret
+ ;;
+ stop)
+ echo -n "Stopping $DESC ..."
+ do_stop
+ ret="$?"
+ case "$ret" in
+ 0|1) echo " Done." ;;
+ 2) echo " Failed." ;;
+ esac
+ exit $ret
+ ;;
+ status)
+ if ! do_status ; then
+ echo "Status of ${DESC}: rules loaded"
+ exit 0
+ else
+ echo "Status of ${DESC}: no rules loaded"
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
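Review bot: The `restart|force-reload` branch only calls `do_start`, so `$BIN -f $CONF` is applied on top of whatever ruleset is already loaded. Unless `/etc/nftables.conf` itself begins with `flush ruleset` (the file is not part of this commit, so this is unverified), rules removed from the config would stay active after a reload and the remaining ones would be added a second time. Calling `do_stop` before `do_start` would fix that but leaves a window with no filtering, so the safer option is to keep the flush inside the config file, where nft applies it atomically with the new rules, and state that requirement next to `CONF=`, e.g. `# $CONF must start with "flush ruleset" so a reload replaces the active rules atomically`. Separately, `do_start` would be more robust with the expansions quoted, `"$BIN" -f "$CONF" || return 2`, and the `1 if already stopped` line in `do_stop`'s comment describes a return value the function never produces.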