diff options
| author |   Stuart Shelton <stuart@shelton.me> | 2016-01-11 02:47:57 +0000 |
|---|---|---|
| committer | Stuart Shelton <stuart@shelton.me> | 2016-01-11 02:47:57 +0000 |
| commit | d179b75b1620b57cfc97471f7b329e1842faac8a (patch) | |
| tree | f19b781ef9bc3e449539f0a185969d668a1fe240 /net-firewall | |
| parent | Add sys-power/apcupsd-3.14.13 (diff) | |
| download | srcshelton-d179b75b1620b57cfc97471f7b329e1842faac8a.tar.gz srcshelton-d179b75b1620b57cfc97471f7b329e1842faac8a.tar.bz2 srcshelton-d179b75b1620b57cfc97471f7b329e1842faac8a.zip | |
Update init scripts to remove bash-specific syntax
Diffstat (limited to 'net-firewall')
| -rw-r--r-- | net-firewall/iptables-nftables/Manifest | 4 | ||||
| -rw-r--r-- | net-firewall/iptables-nftables/files/iptables-1.4.13-r1.init | 118 | ||||
| -rwxr-xr-x | net-firewall/iptables-nftables/files/iptables.init | 118 |
3 files changed, 148 insertions, 92 deletions
diff --git a/net-firewall/iptables-nftables/Manifest b/net-firewall/iptables-nftables/Manifest index e08f38cc..7c01d3df 100644 --- a/net-firewall/iptables-nftables/Manifest +++ b/net-firewall/iptables-nftables/Manifest @@ -1,9 +1,9 @@ AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10 -AUX iptables-1.4.13-r1.init 3105 SHA256 3ddf8418a36b69aa2ab6ecc9321e794e734bf97830c0757ce2b97320787df33e SHA512 5a974e9e7378dcaf4f3c0ebac45c18bd8e6cd0ebf37b9a711ac3dd3ad4f5454395d8698309efcbe49dbd85a4f8be06bdb4989bfa84f9aab86891990e42e9f0f4 WHIRLPOOL c36466eaa01298570423503030e0f887369ab407ee3346336a8b99662fd4726f57cd69b0a7f188d59bfb1c7278f6bce35e06188ffaa7b05213b880d94746bd2c +AUX iptables-1.4.13-r1.init 3225 SHA256 810403ff413a1feed28a2f877739d1fb151e2eadb165a7637f91bb3e8e21fa0e SHA512 16087ccb9b9a62b9ae212609ae650658fc7b59bcf360a14d0de328eb89ce190d899b5972777030d98bf79053598dbe895f375f98a1b5109a38536e042e62c743 WHIRLPOOL d75685a2e702fda20e099932e138d05f2c9fe18c19bb64dff60df326bf42df4981dd94e8ffb6ba98157b9bba127bc003ee46a3e526601332b7bc48ca0dedf5d4 AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b AUX iptables-1.4.21-configure.patch 1066 SHA256 73454c278b48fae5debcdb72ada8f2d60a36b5134cb1052b1a332b83169cbdc0 SHA512 45445d1460072ed19ba617be983be82094fdd0535a25de4f6159173de4a08be9bee9da13c7aeea419291beb92402ca25efba3a0e269510e221f7eacc8bcd5176 WHIRLPOOL 55c56c9e0711409c54b8635dc9b480be885c852b60ac336a32b3a48586c85ba5b7b9a0b4d2d427f7d646dfdc4d49c9fe6957ed39eac5cdd7de3526249f99e6ed AUX iptables-1.4.21-static-connlabel-config.patch 2195 SHA256 e03de480a940b0ac386bba2ec681f724ba39f5e53153398e061f2d74ae491c49 SHA512 d838773bf2db9f97548d2f7eaab0ce3205265a7ec8b274df479fcecb474ba09ed061abae50534c0379a1290479c2e94927595eca0f4570b27744ec165348b6b1 WHIRLPOOL c1b79bb8e9a915d27940b443c564d0d00ccbd31728b8519bd18a6957ca7085c19dd09592d94a4aecee48102303a000130eba85710ad1de1533ef783ef1c28811 -AUX iptables.init 3029 SHA256 ed7831666a3b5c392a85db7bd6368cf5d1fa862c253e5f5fd3368a4517cdefa9 SHA512 c48b44e6f607166008ef46355f89480cdb625a820b04200a85126a138d15409e5cf37d34213e7ee6ef2fd7febb585c41ed26402e98bed17560f47a30a4c3688a WHIRLPOOL 8b73bcc40db23c6b1eedc2efe927ea82be8bb4b46652e7a2fa58ab9a0e98c978b0fb0fab3b1fef7d80904ce7b872255676f600300a73967987bee93f1b5ce836 +AUX iptables.init 3149 SHA256 374c4816a538bb2fbc95f36cfb4cb3c3ef563e4a1c4584f275e05fbc52d6816c SHA512 a9b95ed821ea6d83e85c39aa2cf9d8bc793119718b92ff71b270aaeb910212fa10ef263ad0b077bb4015b1997e0f5cc5a73dc629d426848706d8a7c99ac1e11d WHIRLPOOL 8bade5473e3269d940b022c835d5cd8533601bc49199da5dd20701c73ff919a05454e8e6513342c8ea68b51ad1e82d1c9451f420389d3affb317498f34855e12 AUX systemd/ip6tables-restore.service 395 SHA256 679ba8327bf037e991ff07d8cf910009c67026b0faf8112d75c945b64f4b64de SHA512 e41f7bc55b2b58452b993ccb42014b5bc2701aeeef46eee845a2b016b334299ff4e6d11ba22f3aaff47195f1049dc7fd4be41a7055911420230107b1ee4c6ba3 WHIRLPOOL 232d90f8591358fe853c8c4b569b2825ba02ced59d390232a7f7fb535e3bfbbcb70972938506cbead5e6b57845310f5a91c1fd225898f185cffb96ba7d4d97f3 AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6 AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0 diff --git a/net-firewall/iptables-nftables/files/iptables-1.4.13-r1.init b/net-firewall/iptables-nftables/files/iptables-1.4.13-r1.init index 7818c48f..baf1c46e 100644 --- a/net-firewall/iptables-nftables/files/iptables-1.4.13-r1.init +++ b/net-firewall/iptables-nftables/files/iptables-1.4.13-r1.init @@ -6,18 +6,25 @@ extra_commands="check save panic" extra_started_commands="reload" -iptables_name=${SVCNAME} -case ${iptables_name} in -iptables|ip6tables) ;; -*) iptables_name="iptables" ;; +iptables_name="${SVCNAME}" +case "${iptables_name}" in + iptables|ip6tables) + ;; + *) + iptables_name="iptables" + ;; esac iptables_bin="/sbin/${iptables_name}" -case ${iptables_name} in - iptables) iptables_proc="/proc/net/ip_tables_names" - iptables_save=${IPTABLES_SAVE};; - ip6tables) iptables_proc="/proc/net/ip6_tables_names" - iptables_save=${IP6TABLES_SAVE};; +case "${iptables_name}" in + iptables) + iptables_proc="/proc/net/ip_tables_names" + iptables_save="${IPTABLES_SAVE}" + ;; + ip6tables) + iptables_proc="/proc/net/ip6_tables_names" + iptables_save="${IP6TABLES_SAVE}" + ;; esac depend() { @@ -26,29 +33,32 @@ depend() { } set_table_policy() { - local chains table=$1 policy=$2 - case ${table} in - nat) chains="PREROUTING POSTROUTING OUTPUT";; - mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; - filter) chains="INPUT FORWARD OUTPUT";; - *) chains="";; + local chain chains table policy + table="${1}" + policy="${2}" + + case "${table}" in + nat) chains="PREROUTING POSTROUTING OUTPUT" ;; + mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;; + filter) chains="INPUT FORWARD OUTPUT" ;; + *) chains="" ;; esac - local chain for chain in ${chains} ; do - ${iptables_bin} -w -t ${table} -P ${chain} ${policy} + "${iptables_bin}" -w -t "${table}" -P "${chain}" "${policy}" done } checkkernel() { - if [ ! -e ${iptables_proc} ] ; then + if [ ! -e "${iptables_proc}" ] ; then eerror "Your kernel lacks ${iptables_name} support, please load" eerror "appropriate modules and try again." return 1 fi return 0 } + checkconfig() { - if [ ! -f ${iptables_save} ] ; then + if [ ! -f "${iptables_save}" ] ; then eerror "Not starting ${iptables_name}. First create some rules then run:" eerror "/etc/init.d/${iptables_name} save" return 1 @@ -58,41 +68,51 @@ checkconfig() { start() { checkconfig || return 1 - if [[ -x /sbin/setsystz ]] && grep -i " time " "${iptables_save}" >/dev/null 2>&1; then + + if [ -x /sbin/setsystz ] && grep -qi ' time ' "${iptables_save}"; then ebegin "Setting kernel timezone (for -m TIME rules)" /sbin/setsystz - eend $? "setsystz failed" + eend ${?} "setsystz failed" fi ebegin "Loading ${iptables_name} state and starting firewall" - ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + "${iptables_bin}-restore" ${SAVE_RESTORE_OPTIONS:-} < "${iptables_save}" eend $? } stop() { + local a + if [ "${SAVE_ON_STOP}" = "yes" ] ; then save || return 1 fi + checkkernel || return 1 + ebegin "Stopping firewall" - local a - for a in $(cat ${iptables_proc}) ; do - set_table_policy $a ACCEPT - ${iptables_bin} -w -F -t $a - ${iptables_bin} -w -X -t $a + for a in $( cat "${iptables_proc}" ) ; do + set_table_policy "${a}" ACCEPT + + "${iptables_bin}" -w -F -t "${a}" + "${iptables_bin}" -w -X -t "${a}" done - eend $? + + eend ${?} } reload() { + local a + checkkernel || return 1 checkrules || return 1 + ebegin "Flushing firewall" - local a - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -w -F -t $a - ${iptables_bin} -w -X -t $a + + for a in $( cat "${iptables_proc}" ) ; do + "${iptables_bin}" -w -F -t "${a}" + "${iptables_bin}" -w -X -t "${a}" done + eend $? start @@ -100,8 +120,10 @@ reload() { checkrules() { ebegin "Checking rules" - ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" - eend $? + + "${iptables_bin}-restore" --test ${SAVE_RESTORE_OPTIONS:-} < "${iptables_save}" + + eend ${?} } check() { @@ -111,25 +133,31 @@ check() { save() { ebegin "Saving ${iptables_name} state" - checkpath -q -d "$(dirname "${iptables_save}")" + + checkpath -q -d "$( dirname "${iptables_save}" )" checkpath -q -m 0600 -f "${iptables_save}" - ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" - eend $? + "${iptables_bin}-save" ${SAVE_RESTORE_OPTIONS:-} > "${iptables_save}" + + eend ${?} } panic() { + local a + checkkernel || return 1 - if service_started ${iptables_name}; then - rc-service ${iptables_name} stop + + if service_started "${iptables_name}"; then + rc-service "${iptables_name}" stop fi - local a ebegin "Dropping all packets" - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -w -F -t $a - ${iptables_bin} -w -X -t $a - set_table_policy $a DROP + for a in $( cat "${iptables_proc}" ) ; do + "${iptables_bin}" -w -F -t "${a}" + "${iptables_bin}" -w -X -t "${a}" + + set_table_policy "${a}" DROP done - eend $? + + eend ${?} } diff --git a/net-firewall/iptables-nftables/files/iptables.init b/net-firewall/iptables-nftables/files/iptables.init index 5a030d52..f85f9d77 100755 --- a/net-firewall/iptables-nftables/files/iptables.init +++ b/net-firewall/iptables-nftables/files/iptables.init @@ -6,18 +6,25 @@ extra_commands="check save panic" extra_started_commands="reload" -iptables_name=${SVCNAME} -case ${iptables_name} in -iptables|ip6tables) ;; -*) iptables_name="iptables" ;; +iptables_name="${SVCNAME}" +case "${iptables_name}" in + iptables|ip6tables) + ;; + *) + iptables_name="iptables" + ;; esac iptables_bin="/sbin/${iptables_name}" -case ${iptables_name} in - iptables) iptables_proc="/proc/net/ip_tables_names" - iptables_save=${IPTABLES_SAVE};; - ip6tables) iptables_proc="/proc/net/ip6_tables_names" - iptables_save=${IP6TABLES_SAVE};; +case "${iptables_name}" in + iptables) + iptables_proc="/proc/net/ip_tables_names" + iptables_save="${IPTABLES_SAVE}" + ;; + ip6tables) + iptables_proc="/proc/net/ip6_tables_names" + iptables_save="${IP6TABLES_SAVE}" + ;; esac depend() { @@ -26,29 +33,32 @@ depend() { } set_table_policy() { - local chains table=$1 policy=$2 - case ${table} in - nat) chains="PREROUTING POSTROUTING OUTPUT";; - mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; - filter) chains="INPUT FORWARD OUTPUT";; - *) chains="";; + local chain chains table policy + table="${1}" + policy="${2}" + + case "${table}" in + nat) chains="PREROUTING POSTROUTING OUTPUT" ;; + mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;; + filter) chains="INPUT FORWARD OUTPUT" ;; + *) chains="" ;; esac - local chain for chain in ${chains} ; do - ${iptables_bin} -w -t ${table} -P ${chain} ${policy} + "${iptables_bin}" -w -t "${table}" -P "${chain}" "${policy}" done } checkkernel() { - if [ ! -e ${iptables_proc} ] ; then + if [ ! -e "${iptables_proc}" ] ; then eerror "Your kernel lacks ${iptables_name} support, please load" eerror "appropriate modules and try again." return 1 fi return 0 } + checkconfig() { - if [ ! -f ${iptables_save} ] ; then + if [ ! -f "${iptables_save}" ] ; then eerror "Not starting ${iptables_name}. First create some rules then run:" eerror "/etc/init.d/${iptables_name} save" return 1 @@ -58,41 +68,51 @@ checkconfig() { start() { checkconfig || return 1 - if [[ -x /sbin/setsystz ]] && grep -i " time " "${iptables_save}" >/dev/null 2>&1; then + + if [ -x /sbin/setsystz ] && grep -qi ' time ' "${iptables_save}"; then ebegin "Setting kernel timezone (for -m TIME rules)" /sbin/setsystz - eend $? "setsystz failed" + eend ${?} "setsystz failed" fi ebegin "Loading ${iptables_name} state and starting firewall" - ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + "${iptables_bin}-restore" ${SAVE_RESTORE_OPTIONS:-} < "${iptables_save}" eend $? } stop() { + local a + if [ "${SAVE_ON_STOP}" = "yes" ] ; then save || return 1 fi + checkkernel || return 1 + ebegin "Stopping firewall" - local a - for a in $(cat ${iptables_proc}) ; do - set_table_policy $a ACCEPT - ${iptables_bin} -w -F -t $a - ${iptables_bin} -w -X -t $a + for a in $( cat "${iptables_proc}" ) ; do + set_table_policy "${a}" ACCEPT + + "${iptables_bin}" -w -F -t "${a}" + "${iptables_bin}" -w -X -t "${a}" done - eend $? + + eend ${?} } reload() { + local a + checkkernel || return 1 checkrules || return 1 + ebegin "Flushing firewall" - local a - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -w -F -t $a - ${iptables_bin} -w -X -t $a + + for a in $( cat "${iptables_proc}" ) ; do + "${iptables_bin}" -w -F -t "${a}" + "${iptables_bin}" -w -X -t "${a}" done + eend $? start @@ -100,8 +120,10 @@ reload() { checkrules() { ebegin "Checking rules" - ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" - eend $? + + "${iptables_bin}-restore" --test ${SAVE_RESTORE_OPTIONS:-} < "${iptables_save}" + + eend ${?} } check() { @@ -111,25 +133,31 @@ check() { save() { ebegin "Saving ${iptables_name} state" - checkpath -q -d "$(dirname "${iptables_save}")" + + checkpath -q -d "$( dirname "${iptables_save}" )" checkpath -q -m 0600 -f "${iptables_save}" - ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" - eend $? + "${iptables_bin}-save" ${SAVE_RESTORE_OPTIONS:-} > "${iptables_save}" + + eend ${?} } panic() { + local a + checkkernel || return 1 - if service_started ${iptables_name}; then - rc-service ${iptables_name} stop + + if service_started "${iptables_name}"; then + rc-service "${iptables_name}" stop fi - local a ebegin "Dropping all packets" - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -w -F -t $a - ${iptables_bin} -w -X -t $a - set_table_policy $a DROP + for a in $( cat "${iptables_proc}" ) ; do + "${iptables_bin}" -w -F -t "${a}" + "${iptables_bin}" -w -X -t "${a}" + + set_table_policy "${a}" DROP done - eend $? + + eend ${?} } |