author | Matthew Vernon <matthew@debian.org> | 2021-01-29 19:39:12 +0000 |
---|---|---|
committer | Matthew Vernon <matthew@debian.org> | 2021-01-29 19:39:12 +0000 |
commit | d7c76cd1124b57f51ae974d01af1918de2324054 (patch) | |
tree | d8ae57b270cbd3f683456f4437a6e992b1fb08ea | |
parent | 3af9d27926188c2607021c4da5cb2ef26303bdeb (diff) |
Simple nfstable init script from Carsten Leonhardtdebian/0.07archive/debian/0.07
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | debian/copyright | 5 | ||||
-rwxr-xr-x | scripts/nftables | 141 | ||||
-rw-r--r-- | scripts/nftables.md5sum | 1 |
4 files changed, 41 insertions, 112 deletions
diff --git a/debian/changelog b/debian/changelog
index dcfefe2..e4db184 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+orphan-sysvinit-scripts (0.07) unstable; urgency=medium
+
+ * Simpler nfstables init script from Carsten Leonhardt
+
+ -- Matthew Vernon <matthew@debian.org> Fri, 29 Jan 2021 19:38:14 +0000
+
 orphan-sysvinit-scripts (0.06) unstable; urgency=medium
 * Update iwd script copyright (thanks Sean Whitton / ftpmaster)
diff --git a/debian/copyright b/debian/copyright
index 520383d..47f2dd9 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -37,9 +37,8 @@ License: GPL-2+
 Comment: Salsa utopia-team/network-manager d40513e1
 Files: scripts/nftables
-Copyright: 2015 Arturo Borrero Gonzalez <arturo@debian.org>
-License: GPL-2
-Comment: Salsa pkg-netfilter-team/pkg-nftables 88b9c37
+Copyright: 2021 Carsten Leonhardt <leo@debian.org>
+License: BSD-2-Clause
 Files: scripts/tomcat9
 Copyright: 2008,2011, Canonical Ltd.
diff --git a/scripts/nftables b/scripts/nftables
index 69e12b6..ed36eb5 100755
--- a/scripts/nftables
+++ b/scripts/nftables
@@ -1,122 +1,45 @@ -#!/bin/sh +#! /bin/sh +# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing. +if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then + set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script +fi ### BEGIN INIT INFO # Provides: nftables -# Required-Start: $local_fs $network $remote_fs $syslog -# Required-Stop: $local_fs $remote_fs $syslog -# Default-Start: -# Default-Stop: 0 1 2 3 4 5 6 -# Short-Description: nftables firewall service -# Description: nftables firewall system service +# Required-Start: $local_fs $network +# Required-Stop: $local_fs $network +# Should-Start: +# Default-Start: S +# Default-Stop: 0 1 6 +# Short-Description: Loads nftables firewall rules +# Description: Loads nftables firewall rules ### END INIT INFO -# Author: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> +# Author: Carsten Leonhardt <leo@debian.org> -# Do NOT "set -e" +DESC="nftables" +DAEMON=none +PIDFILE=none +NFT=/usr/sbin/nft -CONF=/etc/nftables.conf +# Exit if the package is not installed. +[ -x "$NFT" ] || exit 0 -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="firewall service" -NAME=nftables -BIN=/usr/sbin/nft -SCRIPTNAME=/etc/init.d/$NAME -# Exit if the package is not installed -[ -x "$BIN" ] || exit 0 - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -do_start() -{ - # Return - # 0 if start OK - # 2 if start NOK - - # nft v0.4 return 0 if ENOENT $CONF - if [ ! -r "$CONF" ] ; then - echo "E: No such $NAME $DESC config file $CONF" >&2 - return 2 - fi - - $BIN -f $CONF || return 2 +do_start_cmd_override () { + $NFT -f /etc/nftables.conf } -do_stop() -{ - # Return - # 0 if stopped - # 1 if already stopped - # 2 if could not be stopped - if ! 
do_status ; then - $BIN flush ruleset || return 2 - fi +do_stop_cmd_override () { + $NFT flush ruleset } -do_status() -{ - # Return - # 0 if no rules - # 1 if rules - if [ "$($BIN list ruleset 2>/dev/null | wc -l)" = "0" ] ; then - return 0 - fi - - return 1 +do_status_override () { + if test `$NFT list ruleset | wc -c` -gt 0; + then + echo nft ruleset loaded: yes + return 0 + else + echo nft ruleset loaded: no + return 1 + fi } - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - ret="$?" - case "$ret" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - exit $ret - ;; - restart|force-reload) - [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME" - do_start - ret="$?" - case "$ret" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - exit $ret - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - ret="$?" - case "$ret" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - exit $ret - ;; - status) - if ! do_status ; then - [ "$VERBOSE" != no ] && log_daemon_msg "Status of ${DESC}: rules loaded" "$NAME" - [ "$VERBOSE" != no ] && log_end_msg 0 - exit 0 - else - [ "$VERBOSE" != no ] && log_daemon_msg "Status of ${DESC}: no rules loaded" "$NAME" - [ "$VERBOSE" != no ] && log_end_msg 1 - exit 1 - fi - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/scripts/nftables.md5sum b/scripts/nftables.md5sum index 2248c2c..34f4131 100644 --- a/scripts/nftables.md5sum +++ b/scripts/nftables.md5sum @@ -1 +1,2 @@ caa93a6ceb84b857b6df0c6cbdb75b5d upstream_0.03 +14930434a76c92e8c4d41d7242ddecf5 unstable_0.07 |
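Review bot: `do_stop_cmd_override` runs `$NFT flush ruleset`, so if init-d-script implements restart and force-reload as stop followed by start (worth confirming against /lib/init/init-d-script), every restart in scripts/nftables now passes through an empty ruleset, and a syntax error in /etc/nftables.conf leaves the host with no filtering at all; the removed script only re-ran `nft -f` on restart. I would validate the file before anything is flushed, for example `$NFT -c -f /etc/nftables.conf || return 1` ahead of the flush on the restart path. Separately, `Required-Start: $local_fs $network` with `Default-Start: S` orders rule loading after the network is brought up, which leaves a window at boot with interfaces configured and no rules loaded; if the ruleset does not depend on interfaces already existing, dropping `$network` from Required-Start closes it. In `do_status_override`, a failing `nft list ruleset` (for instance when run unprivileged) produces no output and is reported as "loaded: no", so the result should also depend on nft's exit status.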