[oe-commits] [openembedded-core] 07/22: iptables: Add systemd helper unit for IPv6 too

git at git.openembedded.org git at git.openembedded.org
Wed Dec 4 12:33:03 UTC 2019 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master
in repository openembedded-core.

commit 3b8df6b6aba3632de7c3c01c8468fbcedb032493
Author: Niko Mauno <niko.mauno at iki.fi>
AuthorDate: Tue Nov 26 22:14:07 2019 +0200

    iptables: Add systemd helper unit for IPv6 too
    
    Commit bc66b2f45ade2c63cfd14d5388f6ca0905a23bb0 added systemd helper
    unit for automatic IPv4 rule loading. Complement the effort by adding
    systemd helper unit also for automatic IPv6 rule loading.
    
    Signed-off-by: Niko Mauno <niko.mauno at iki.fi>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 .../iptables/iptables/ip6tables.rules               |  0
 .../iptables/iptables/ip6tables.service             | 13 +++++++++++++
 .../iptables/iptables/iptables.service              |  6 +++---
 meta/recipes-extended/iptables/iptables_1.8.3.bb    | 21 ++++++++++++++++++++-
 4 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.rules b/meta/recipes-extended/iptables/iptables/ip6tables.rules
new file mode 100644
index 0000000..e69de29
diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.service b/meta/recipes-extended/iptables/iptables/ip6tables.service
new file mode 100644
index 0000000..6c059fc
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/ip6tables.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=IPv6 Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules
+ExecReload=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-extended/iptables/iptables/iptables.service b/meta/recipes-extended/iptables/iptables/iptables.service
index 5a8aa3f..0eb3c34 100644
--- a/meta/recipes-extended/iptables/iptables/iptables.service
+++ b/meta/recipes-extended/iptables/iptables/iptables.service
@@ -1,12 +1,12 @@
 [Unit]
-Description=Packet Filtering Framework
+Description=IPv4 Packet Filtering Framework
 Before=network-pre.target
 Wants=network-pre.target
 
 [Service]
 Type=oneshot
-ExecStart=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules
-ExecReload=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules
+ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
+ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
 RemainAfterExit=yes
 
 [Install]
diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb
index 7368020..96d195d 100644
--- a/meta/recipes-extended/iptables/iptables_1.8.3.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb
@@ -13,11 +13,16 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
            file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
            file://iptables.service \
            file://iptables.rules \
+           file://ip6tables.service \
+           file://ip6tables.rules \
 "
 SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513"
 SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80"
 
-SYSTEMD_SERVICE_${PN} = "iptables.service"
+SYSTEMD_SERVICE_${PN} = "\
+    iptables.service \
+    ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'ip6tables.service', '', d)} \
+"
 
 inherit autotools pkgconfig systemd
 
@@ -51,6 +56,16 @@ do_install_append() {
         -e 's, at SBINDIR@,${sbindir},g' \
         -e 's, at RULESDIR@,${IPTABLES_RULES_DIR},g' \
         ${D}${systemd_system_unitdir}/iptables.service
+
+    if ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'true', 'false', d)} ; then
+        install -m 0644 ${WORKDIR}/ip6tables.rules ${D}${IPTABLES_RULES_DIR}
+        install -m 0644 ${WORKDIR}/ip6tables.service ${D}${systemd_system_unitdir}
+
+        sed -i \
+            -e 's, at SBINDIR@,${sbindir},g' \
+            -e 's, at RULESDIR@,${IPTABLES_RULES_DIR},g' \
+            ${D}${systemd_system_unitdir}/ip6tables.service
+    fi
 }
 
 PACKAGES += "${PN}-modules"
@@ -75,6 +90,10 @@ RRECOMMENDS_${PN} = " \
     kernel-module-nf-conntrack-ipv4 \
     kernel-module-nf-nat \
     kernel-module-ipt-masquerade \
+    ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', '\
+        kernel-module-ip6table-filter \
+        kernel-module-ip6-tables \
+    ', '', d)} \
 "
 
 FILES_${PN} += "${datadir}/xtables"

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list