[OE-core] [PATCH 5/5] iptables: update init script and bb file

[Kang Kai]

On 2014年06月24日 14:01, Anders Darander wrote:
> * Kang Kai <Kai.Kang at windriver.com> [140624 03:49]:
>
>> On 2014年06月23日 19:44, Anders Darander wrote:
>>> * Kai Kang <kai.kang at windriver.com> [140623 04:34]:
>>>> Update path of command iptables in init script that we put it in
>>>> /usr/sbin rather than /sbin. Then update bb file to install init script,
>>>> configure and rules files.
>>> These new files aren't that big, but could you anyway package at least
>>> the rules files into a separate package? Using an RRECOMMENDS would be
>>> fine, as I can easily add a BAD_RECOMMENDATION for that package.
>> Of course.
>> And as I replied in last main, do you think that an empty rule is
>> better? A little concern is for iptables newbies.
> Well, I'd be at lest a little bit happier to have the ipv6 rules file
> obey the ipv6 distro feature, see below.
>
> Besides, most users of OE-Core won't have any benefit of a pre-generated
> iptable rules file. Remember, we're building embedded devices that have
> everything but a standard setup.
>
> If you want a static firewall configuration supplied by oe-core, can't
> we package it in a separate package anyway?

OK.

>
>>> It might be that I don't need/want both of iptables and ip6tables
>>> installed; or even that I don't want either of those installed by
>>> default.
>> iptables and ip6tables are not split into separated packages, so I put
>> them together. And package iptbales is not installed by default indeed.
> No, but at least we're not building IPv6 support into the package if
> ipv6 is not set in DISTRO_FEATURES. At the very least, the ip6tables
> rule file should obey that DISTRO_FEATUR also.

I'll update to check DISTRO_FEATURES for ipv6 supports.

Regards,
Kai


>
> Cheers,
> Anders
>


-- 
Regards,
Neil | Kai Kang