diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2021-05-11 19:55:43 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2021-05-11 19:55:43 +0100 |
| commit | 185fa19bbf68a4d4dca534d2b46729207a177f16 (patch) | |
| tree | a8a537b82fda83a0799c2ca9887f212558363aa7 /net-firewall/nftables/files | |
| parent | c8fd0d84af0bfd1949542adc2cbb735b1d28f9ed (diff) | |
gentoo resync : 11.05.2021
Diffstat (limited to 'net-firewall/nftables/files')
| -rw-r--r-- | net-firewall/nftables/files/nftables-mk.init | 104 | ||||
| -rw-r--r-- | net-firewall/nftables/files/nftables.init | 124 |
2 files changed, 0 insertions, 228 deletions
diff --git a/net-firewall/nftables/files/nftables-mk.init b/net-firewall/nftables/files/nftables-mk.init deleted file mode 100644 index f7e3dce8ada2..000000000000 --- a/net-firewall/nftables/files/nftables-mk.init +++ /dev/null @@ -1,104 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -extra_commands="check clear list panic save soft_panic" -extra_started_commands="reload" - -depend() { - need localmount #434774 - before net -} - -checkkernel() { - if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then - eerror "Your kernel lacks nftables support, please load" - eerror "appropriate modules and try again." - return 1 - fi - return 0 -} - -checkconfig() { - if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then - eerror "Not starting nftables. First create some rules then run:" - eerror "/etc/init.d/${SVCNAME} save" - return 1 - fi - return 0 -} - -start_pre() { - checkconfig || return 1 - checkkernel || return 1 - check || return 1 -} - -start() { - ebegin "Loading ${SVCNAME} state and starting firewall" - /usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}" - eend $? -} - -stop() { - if [ "${SAVE_ON_STOP}" = "yes" ] ; then - save || return 1 - fi - - ebegin "Stopping firewall" - if [ "${PANIC_ON_STOP}" = "hard" ]; then - /usr/libexec/nftables/nftables.sh panic - elif [ "${PANIC_ON_STOP}" = "soft" ]; then - /usr/libexec/nftables/nftables.sh soft_panic - else - /usr/libexec/nftables/nftables.sh clear - fi - eend $? -} - -reload() { - start_pre || return 1 - start -} - -clear() { - ebegin "Clearing rules" - /usr/libexec/nftables/nftables.sh clear - eend $? -} - -list() { - /usr/libexec/nftables/nftables.sh list -} - -check() { - ebegin "Checking rules" - /usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}" - eend $? -} - -save() { - ebegin "Saving ${SVCNAME} state" - checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" - checkpath -q -m 0600 -f "${NFTABLES_SAVE}" - /usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}" - eend $? -} - -panic() { - if service_started ${SVCNAME}; then - rc-service ${SVCNAME} zap - fi - ebegin "Dropping all packets" - /usr/libexec/nftables/nftables.sh panic - eend $? -} - -soft_panic() { - if service_started ${SVCNAME}; then - rc-service ${SVCNAME} zap - fi - ebegin "Dropping new connections" - /usr/libexec/nftables/nftables.sh soft_panic - eend $? -} diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init deleted file mode 100644 index cf4ab8b5f44b..000000000000 --- a/net-firewall/nftables/files/nftables.init +++ /dev/null @@ -1,124 +0,0 @@ -#!/sbin/openrc-run -# Copyright 2014-2017 Nicholas Vinson -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -extra_commands="clear list panic save" -extra_started_commands="reload" -depend() { - need localmount #434774 - before net -} - -start_pre() { - checkkernel || return 1 - checkconfig || return 1 - return 0 -} - -clear() { - /usr/libexec/nftables/nftables.sh clear || return 1 - return 0 -} - -list() { - /usr/libexec/nftables/nftables.sh list || return 1 - return 0 -} - -panic() { - checkkernel || return 1 - if service_started ${RC_SVCNAME}; then - rc-service ${RC_SVCNAME} stop - fi - - ebegin "Dropping all packets" - clear - if nft create table ip filter >/dev/null 2>&1; then - nft -f /dev/stdin <<-EOF - table ip filter { - chain input { - type filter hook input priority 0; - drop - } - chain forward { - type filter hook forward priority 0; - drop - } - chain output { - type filter hook output priority 0; - drop - } - } - EOF - fi - if nft create table ip6 filter >/dev/null 2>&1; then - nft -f /dev/stdin <<-EOF - table ip6 filter { - chain input { - type filter hook input priority 0; - drop - } - chain forward { - type filter hook forward priority 0; - drop - } - chain output { - type filter hook output priority 0; - drop - } - } - EOF - fi -} - -reload() { - checkkernel || return 1 - ebegin "Flushing firewall" - clear - start -} - -save() { - ebegin "Saving nftables state" - checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" - checkpath -q -m 0600 -f "${NFTABLES_SAVE}" - export SAVE_OPTIONS - /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE} - return $? -} - -start() { - ebegin "Loading nftables state and starting firewall" - clear - /usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE} - eend $? -} - -stop() { - if yesno ${SAVE_ON_STOP:-yes}; then - save || return 1 - fi - - ebegin "Stopping firewall" - clear - eend $? -} - -checkconfig() { - if [ ! -f ${NFTABLES_SAVE} ]; then - eerror "Not starting nftables. First create some rules then run:" - eerror "rc-service nftables save" - return 1 - fi - return 0 -} - -checkkernel() { - if ! nft list tables >/dev/null 2>&1; then - eerror "Your kernel lacks nftables support, please load" - eerror "appropriate modules and try again." - return 1 - fi - return 0 -} |