summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/iptables
diff options
context:
space:
mode:
authorNiko Mauno <niko.mauno@iki.fi>2019-11-26 22:14:07 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-12-04 12:30:58 +0000
commit7a2c2df853934a77a154d254b5d932b9817283f8 (patch)
treefb0e3d94fa2ed8147cd25a3a9ef68f84c131786d /meta/recipes-extended/iptables
parent05b20e95e1226a703656ac56115a022d01e4b1e5 (diff)
downloadpoky-7a2c2df853934a77a154d254b5d932b9817283f8.tar.gz
iptables: Add systemd helper unit for IPv6 too
Commit bc66b2f45ade2c63cfd14d5388f6ca0905a23bb0 added systemd helper unit for automatic IPv4 rule loading. Complement the effort by adding systemd helper unit also for automatic IPv6 rule loading. (From OE-Core rev: 3b8df6b6aba3632de7c3c01c8468fbcedb032493) Signed-off-by: Niko Mauno <niko.mauno@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/iptables')
-rw-r--r--meta/recipes-extended/iptables/iptables/ip6tables.rules0
-rw-r--r--meta/recipes-extended/iptables/iptables/ip6tables.service13
-rw-r--r--meta/recipes-extended/iptables/iptables/iptables.service6
-rw-r--r--meta/recipes-extended/iptables/iptables_1.8.3.bb21
4 files changed, 36 insertions, 4 deletions
diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.rules b/meta/recipes-extended/iptables/iptables/ip6tables.rules
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/ip6tables.rules
diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.service b/meta/recipes-extended/iptables/iptables/ip6tables.service
new file mode 100644
index 0000000000..6c059fca49
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/ip6tables.service
@@ -0,0 +1,13 @@
1[Unit]
2Description=IPv6 Packet Filtering Framework
3Before=network-pre.target
4Wants=network-pre.target
5
6[Service]
7Type=oneshot
8ExecStart=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules
9ExecReload=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules
10RemainAfterExit=yes
11
12[Install]
13WantedBy=multi-user.target
diff --git a/meta/recipes-extended/iptables/iptables/iptables.service b/meta/recipes-extended/iptables/iptables/iptables.service
index 5a8aa3f298..0eb3c343de 100644
--- a/meta/recipes-extended/iptables/iptables/iptables.service
+++ b/meta/recipes-extended/iptables/iptables/iptables.service
@@ -1,12 +1,12 @@
1[Unit] 1[Unit]
2Description=Packet Filtering Framework 2Description=IPv4 Packet Filtering Framework
3Before=network-pre.target 3Before=network-pre.target
4Wants=network-pre.target 4Wants=network-pre.target
5 5
6[Service] 6[Service]
7Type=oneshot 7Type=oneshot
8ExecStart=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules 8ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
9ExecReload=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules 9ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
10RemainAfterExit=yes 10RemainAfterExit=yes
11 11
12[Install] 12[Install]
diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb
index 73680207b4..96d195d9d0 100644
--- a/meta/recipes-extended/iptables/iptables_1.8.3.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb
@@ -13,11 +13,16 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
13 file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ 13 file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
14 file://iptables.service \ 14 file://iptables.service \
15 file://iptables.rules \ 15 file://iptables.rules \
16 file://ip6tables.service \
17 file://ip6tables.rules \
16" 18"
17SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513" 19SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513"
18SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80" 20SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80"
19 21
20SYSTEMD_SERVICE_${PN} = "iptables.service" 22SYSTEMD_SERVICE_${PN} = "\
23 iptables.service \
24 ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'ip6tables.service', '', d)} \
25"
21 26
22inherit autotools pkgconfig systemd 27inherit autotools pkgconfig systemd
23 28
@@ -51,6 +56,16 @@ do_install_append() {
51 -e 's,@SBINDIR@,${sbindir},g' \ 56 -e 's,@SBINDIR@,${sbindir},g' \
52 -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ 57 -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
53 ${D}${systemd_system_unitdir}/iptables.service 58 ${D}${systemd_system_unitdir}/iptables.service
59
60 if ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'true', 'false', d)} ; then
61 install -m 0644 ${WORKDIR}/ip6tables.rules ${D}${IPTABLES_RULES_DIR}
62 install -m 0644 ${WORKDIR}/ip6tables.service ${D}${systemd_system_unitdir}
63
64 sed -i \
65 -e 's,@SBINDIR@,${sbindir},g' \
66 -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
67 ${D}${systemd_system_unitdir}/ip6tables.service
68 fi
54} 69}
55 70
56PACKAGES += "${PN}-modules" 71PACKAGES += "${PN}-modules"
@@ -75,6 +90,10 @@ RRECOMMENDS_${PN} = " \
75 kernel-module-nf-conntrack-ipv4 \ 90 kernel-module-nf-conntrack-ipv4 \
76 kernel-module-nf-nat \ 91 kernel-module-nf-nat \
77 kernel-module-ipt-masquerade \ 92 kernel-module-ipt-masquerade \
93 ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', '\
94 kernel-module-ip6table-filter \
95 kernel-module-ip6-tables \
96 ', '', d)} \
78" 97"
79 98
80FILES_${PN} += "${datadir}/xtables" 99FILES_${PN} += "${datadir}/xtables"