author | Niko Mauno <niko.mauno@iki.fi> | 2019-11-26 22:14:07 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-12-04 12:30:58 +0000 |
commit | 7a2c2df853934a77a154d254b5d932b9817283f8 (patch) | |
tree | fb0e3d94fa2ed8147cd25a3a9ef68f84c131786d /meta/recipes-extended/iptables | |
parent | 05b20e95e1226a703656ac56115a022d01e4b1e5 (diff) | |
download | poky-7a2c2df853934a77a154d254b5d932b9817283f8.tar.gz |
iptables: Add systemd helper unit for IPv6 too
Commit bc66b2f45ade2c63cfd14d5388f6ca0905a23bb0 added systemd helper
unit for automatic IPv4 rule loading. Complement the effort by adding
systemd helper unit also for automatic IPv6 rule loading.
(From OE-Core rev: 3b8df6b6aba3632de7c3c01c8468fbcedb032493)
Signed-off-by: Niko Mauno <niko.mauno@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/iptables')
4 files changed, 36 insertions, 4 deletions
diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.rules b/meta/recipes-extended/iptables/iptables/ip6tables.rules new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/ip6tables.rules | |||
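--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/ip6tables.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=IPv6 Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules
+ExecReload=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target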
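Review bot: Nothing in this unit makes networking wait for a successful rule load, because `Before=network-pre.target` together with `Wants=` only orders the units. If `ip6tables-restore` exits non-zero on a malformed rules file, the unit fails and the interfaces still come up with whatever IPv6 policy the kernel already has. The `ip6tables.rules` added alongside it shows no content on this page, so enabling the unit presumably applies no filtering until an image supplies real rules. I would document both facts at the top of the unit, e.g. `# Fails open: a restore error does not block networking; the default ip6tables.rules is empty`. The same applies to iptables.service in this commit.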
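--- a/meta/recipes-extended/iptables/iptables/iptables.service
+++ b/meta/recipes-extended/iptables/iptables/iptables.service
@@ -1,12 +1,12 @@
 [Unit]
-Description=Packet Filtering Framework
+Description=IPv4 Packet Filtering Framework
 Before=network-pre.target
 Wants=network-pre.target
 
 [Service]
 Type=oneshot
-ExecStart=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules
-ExecReload=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules
+ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
+ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
 RemainAfterExit=yes
 
 [Install]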
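Review bot: `-w` is passed without a seconds value on the new `ExecStart` and `ExecReload` lines, so iptables-restore waits for the xtables lock with no upper bound. A `Type=oneshot` unit also has no start timeout unless one is configured, and this unit is ordered before network-pre.target, so a stuck lock holder would stall network bring-up instead of producing a visible failure. Consider bounding the wait with a line such as `TimeoutStartSec=30` in `[Service]` (the value is only a suggestion), and do the same in ip6tables.service. The `[Install]` section continues outside the hunk.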
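--- a/meta/recipes-extended/iptables/iptables_1.8.3.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb
@@ -13,11 +13,16 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
 file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
 file://iptables.service \
 file://iptables.rules \
+file://ip6tables.service \
+file://ip6tables.rules \
 "
 SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513"
 SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80"
 
-SYSTEMD_SERVICE_${PN} = "iptables.service"
+SYSTEMD_SERVICE_${PN} = "\
+iptables.service \
+${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'ip6tables.service', '', d)} \
+"
 
 inherit autotools pkgconfig systemd
 
@@ -51,6 +56,16 @@ do_install_append() {
 -e 's,@SBINDIR@,${sbindir},g' \
 -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
 ${D}${systemd_system_unitdir}/iptables.service
+
+if ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'true', 'false', d)} ; then
+install -m 0644 ${WORKDIR}/ip6tables.rules ${D}${IPTABLES_RULES_DIR}
+install -m 0644 ${WORKDIR}/ip6tables.service ${D}${systemd_system_unitdir}
+
+sed -i \
+-e 's,@SBINDIR@,${sbindir},g' \
+-e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
+${D}${systemd_system_unitdir}/ip6tables.service
+fi
 }
 
 PACKAGES += "${PN}-modules"
@@ -75,6 +90,10 @@ RRECOMMENDS_${PN} = " \
 kernel-module-nf-conntrack-ipv4 \
 kernel-module-nf-nat \
 kernel-module-ipt-masquerade \
+${@bb.utils.contains('PACKAGECONFIG', 'ipv6', '\
+kernel-module-ip6table-filter \
+kernel-module-ip6-tables \
+', '', d)} \
 "
 
 FILES_${PN} += "${datadir}/xtables"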
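Review bot: The IPv6 entries added to RRECOMMENDS at new lines 93-96 cover only the filter table and the ip6_tables core, while the IPv4 entries visible just above them also pull in conntrack, NAT and masquerade modules. An image whose ip6tables.rules uses stateful matches would then rely on modules that nothing here recommends, and because these are recommendations rather than hard dependencies, a missing module would likely make ip6tables-restore fail at boot. If the asymmetry is intentional, state it in a comment above the assignment, e.g. `# IPv6: filter table only; images needing conntrack/NAT rules must add the modules themselves`. The RRECOMMENDS list begins outside the hunk, so earlier entries may already cover part of this.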