From 185fa19bbf68a4d4dca534d2b46729207a177f16 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 11 May 2021 19:55:43 +0100
Subject: gentoo resync : 11.05.2021

---
 net-firewall/nftables/files/nftables-mk.init | 104 ----------------------
 net-firewall/nftables/files/nftables.init | 124 ---------------------------
 2 files changed, 228 deletions(-)
 delete mode 100644 net-firewall/nftables/files/nftables-mk.init
 delete mode 100644 net-firewall/nftables/files/nftables.init

(limited to 'net-firewall/nftables/files')

diff --git a/net-firewall/nftables/files/nftables-mk.init b/net-firewall/nftables/files/nftables-mk.init
deleted file mode 100644
index f7e3dce8ada2..000000000000
--- a/net-firewall/nftables/files/nftables-mk.init
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="check clear list panic save soft_panic"
-extra_started_commands="reload"
-
-depend() {
- need localmount #434774
- before net
-}
-
-checkkernel() {
- if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then
- eerror "Your kernel lacks nftables support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
-}
-
-checkconfig() {
- if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
- eerror "Not starting nftables. First create some rules then run:"
- eerror "/etc/init.d/${SVCNAME} save"
- return 1
- fi
- return 0
-}
-
-start_pre() {
- checkconfig || return 1
- checkkernel || return 1
- check || return 1
-}
-
-start() {
- ebegin "Loading ${SVCNAME} state and starting firewall"
- /usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
- eend $?
-}
-
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
- save || return 1
- fi
-
- ebegin "Stopping firewall"
- if [ "${PANIC_ON_STOP}" = "hard" ]; then
- /usr/libexec/nftables/nftables.sh panic
- elif [ "${PANIC_ON_STOP}" = "soft" ]; then
- /usr/libexec/nftables/nftables.sh soft_panic
- else
- /usr/libexec/nftables/nftables.sh clear
- fi
- eend $?
-}
-
-reload() {
- start_pre || return 1
- start
-}
-
-clear() {
- ebegin "Clearing rules"
- /usr/libexec/nftables/nftables.sh clear
- eend $?
-}
-
-list() {
- /usr/libexec/nftables/nftables.sh list
-}
-
-check() {
- ebegin "Checking rules"
- /usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
- eend $?
-}
-
-save() {
- ebegin "Saving ${SVCNAME} state"
- checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
- checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
- /usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
- eend $?
-}
-panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
- fi
- ebegin "Dropping all packets"
- /usr/libexec/nftables/nftables.sh panic
- eend $?
-}
-
-soft_panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
- fi
- ebegin "Dropping new connections"
- /usr/libexec/nftables/nftables.sh soft_panic
- eend $?
-}
diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init
deleted file mode 100644
index cf4ab8b5f44b..000000000000
--- a/net-firewall/nftables/files/nftables.init
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 2014-2017 Nicholas Vinson
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="clear list panic save"
-extra_started_commands="reload"
-depend() {
- need localmount #434774
- before net
-}
-
-start_pre() {
- checkkernel || return 1
- checkconfig || return 1
- return 0
-}
-
-clear() {
- /usr/libexec/nftables/nftables.sh clear || return 1
- return 0
-}
-
-list() {
- /usr/libexec/nftables/nftables.sh list || return 1
- return 0
-}
-
-panic() {
- checkkernel || return 1
- if service_started ${RC_SVCNAME}; then
- rc-service ${RC_SVCNAME} stop
- fi
-
- ebegin "Dropping all packets"
- clear
- if nft create table ip filter >/dev/null 2>&1; then
- nft -f /dev/stdin <<-EOF
- table ip filter {
- chain input {
- type filter hook input priority 0;
- drop
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- drop
- }
- }
- EOF
- fi
- if nft create table ip6 filter >/dev/null 2>&1; then
- nft -f /dev/stdin <<-EOF
- table ip6 filter {
- chain input {
- type filter hook input priority 0;
- drop
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- drop
- }
- }
- EOF
- fi
-}
-
-reload() {
- checkkernel || return 1
- ebegin "Flushing firewall"
- clear
- start
-}
-
-save() {
- ebegin "Saving nftables state"
- checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
- checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
- export SAVE_OPTIONS
- /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE}
- return $?
-}
-
-start() {
- ebegin "Loading nftables state and starting firewall"
- clear
- /usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE}
- eend $?
-}
-
-stop() {
- if yesno ${SAVE_ON_STOP:-yes}; then
- save || return 1
- fi
-
- ebegin "Stopping firewall"
- clear
- eend $?
-}
-
-checkconfig() {
- if [ ! -f ${NFTABLES_SAVE} ]; then
- eerror "Not starting nftables. First create some rules then run:"
- eerror "rc-service nftables save"
- return 1
- fi
- return 0
-}
-
-checkkernel() {
- if ! nft list tables >/dev/null 2>&1; then
- eerror "Your kernel lacks nftables support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
-}
-- cgit v1.2.3