Re: [OE-core] [PATCH] iptables: Add systemd support

2016-02-04 Thread Phil Blundell
Also, please don't hardcode /usr/libexec/iptables
or /etc/default/iptables in the service files.

p.

On Thu, 2016-02-04 at 22:14 +0100, Pau Espin Pedrol wrote:
> Please use ${systemd_system_unitdir} instead of
> ${systemd_unitdir}/system
> 
> Pau Espin Pedrol
> mail/jabber: pespin.s...@gmail.com
> http://blog.espeweb.net
> 
> 
> 2016-02-02 5:19 GMT+01:00 Li Xin :
> Add iptables.service & ip6tables.service to support systemd
> systems.
> 
> Signed-off-by: Li Xin 
> ---
>  .../iptables/iptables/ip6tables.service | 17
> +
>  .../recipes-extended/iptables/iptables/iptables.service | 17
> +
>  meta/recipes-extended/iptables/iptables_1.4.21.bb   | 16
> +++-
>  3 files changed, 49 insertions(+), 1 deletion(-)
>  create mode 100644
> meta/recipes-extended/iptables/iptables/ip6tables.service
>  create mode 100644
> meta/recipes-extended/iptables/iptables/iptables.service
> 
> diff --git
> a/meta/recipes-extended/iptables/iptables/ip6tables.service
> b/meta/recipes-extended/iptables/iptables/ip6tables.service
> new file mode 100644
> index 000..148a1b9
> --- /dev/null
> +++
> b/meta/recipes-extended/iptables/iptables/ip6tables.service
> @@ -0,0 +1,17 @@
> +[Unit]
> +Description=IPv6 firewall with ip6tables
> +After=syslog.target
> +ConditionPathExists=/etc/default/iptables
> +
> +[Service]
> +Type=oneshot
> +RemainAfterExit=yes
> +ExecStart=/usr/libexec/iptables/ip6tables.init start
> +ExecStop=/usr/libexec/iptables/ip6tables.init stop
> +Environment=BOOTUP=serial
> +Environment=CONSOLETYPE=serial
> +StandardOutput=syslog
> +StandardError=syslog
> +
> +[Install]
> +WantedBy=basic.target
> diff --git
> a/meta/recipes-extended/iptables/iptables/iptables.service
> b/meta/recipes-extended/iptables/iptables/iptables.service
> new file mode 100644
> index 000..9745c71
> --- /dev/null
> +++ b/meta/recipes-extended/iptables/iptables/iptables.service
> @@ -0,0 +1,17 @@
> +[Unit]
> +Description=IPv4 firewall with iptables
> +After=syslog.target
> +ConditionPathExists=/etc/default/iptables
> +
> +[Service]
> +Type=oneshot
> +RemainAfterExit=yes
> +ExecStart=/usr/libexec/iptables/iptables.init start
> +ExecStop=/usr/libexec/iptables/iptables.init stop
> +Environment=BOOTUP=serial
> +Environment=CONSOLETYPE=serial
> +StandardOutput=syslog
> +StandardError=syslog
> +
> +[Install]
> +WantedBy=basic.target
> diff --git a/meta/recipes-extended/iptables/iptables_1.4.21.bb
> b/meta/recipes-extended/iptables/iptables_1.4.21.bb
> index deea5e5..84c95ea 100644
> --- a/meta/recipes-extended/iptables/iptables_1.4.21.bb
> +++ b/meta/recipes-extended/iptables/iptables_1.4.21.bb
> @@ -24,12 +24,14 @@ SRC_URI =
> "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
> 
> file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch 
> \
> file://0001-fix-build-with-musl.patch \
> 
> 
> file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch 
> \
> +   file://iptables.service \
> +   file://ip6tables.service \
>"
> 
>  SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0"
>  SRC_URI[sha256sum] =
> "52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0"
> 
> -inherit autotools pkgconfig
> +inherit autotools pkgconfig systemd
> 
>  EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
> "
> @@ -46,3 +48,15 @@ do_configure_prepend() {
> # Keep ax_check_linker_flags.m4 which belongs to
> autoconf-archive.
> rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4
> ltsugar.m4 ltversion.m4
>  }
> +
> +do_install_append() {
> +install -d ${D}${systemd_unitdir}/system
> +install -m 0644 ${WORKDIR}/ip6tables.service
> ${D}${systemd_unitdir}/system/
> +install -m 0644 ${WORKDIR}/iptables.service
> ${D}${systemd_unitdir}/system/
> +sed -i -e "s,/usr/libexec/iptables,${libexecdir},g" \
> +   ${D}${systemd_unitdir}/system/iptables.service
> +sed -i -e "s,/usr/libexec/iptables,${libexecdir},g" \
> +
>  

Re: [OE-core] [PATCH] iptables: Add systemd support

2016-02-04 Thread Pau Espin Pedrol
Please use ${systemd_system_unitdir} instead of ${systemd_unitdir}/system

Pau Espin Pedrol
mail/jabber: pespin.s...@gmail.com
http://blog.espeweb.net

2016-02-02 5:19 GMT+01:00 Li Xin :

> Add iptables.service & ip6tables.service to support systemd systems.
>
> Signed-off-by: Li Xin 
> ---
>  .../iptables/iptables/ip6tables.service | 17
> +
>  .../recipes-extended/iptables/iptables/iptables.service | 17
> +
>  meta/recipes-extended/iptables/iptables_1.4.21.bb   | 16
> +++-
>  3 files changed, 49 insertions(+), 1 deletion(-)
>  create mode 100644
> meta/recipes-extended/iptables/iptables/ip6tables.service
>  create mode 100644
> meta/recipes-extended/iptables/iptables/iptables.service
>
> diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.service
> b/meta/recipes-extended/iptables/iptables/ip6tables.service
> new file mode 100644
> index 000..148a1b9
> --- /dev/null
> +++ b/meta/recipes-extended/iptables/iptables/ip6tables.service
> @@ -0,0 +1,17 @@
> +[Unit]
> +Description=IPv6 firewall with ip6tables
> +After=syslog.target
> +ConditionPathExists=/etc/default/iptables
> +
> +[Service]
> +Type=oneshot
> +RemainAfterExit=yes
> +ExecStart=/usr/libexec/iptables/ip6tables.init start
> +ExecStop=/usr/libexec/iptables/ip6tables.init stop
> +Environment=BOOTUP=serial
> +Environment=CONSOLETYPE=serial
> +StandardOutput=syslog
> +StandardError=syslog
> +
> +[Install]
> +WantedBy=basic.target
> diff --git a/meta/recipes-extended/iptables/iptables/iptables.service
> b/meta/recipes-extended/iptables/iptables/iptables.service
> new file mode 100644
> index 000..9745c71
> --- /dev/null
> +++ b/meta/recipes-extended/iptables/iptables/iptables.service
> @@ -0,0 +1,17 @@
> +[Unit]
> +Description=IPv4 firewall with iptables
> +After=syslog.target
> +ConditionPathExists=/etc/default/iptables
> +
> +[Service]
> +Type=oneshot
> +RemainAfterExit=yes
> +ExecStart=/usr/libexec/iptables/iptables.init start
> +ExecStop=/usr/libexec/iptables/iptables.init stop
> +Environment=BOOTUP=serial
> +Environment=CONSOLETYPE=serial
> +StandardOutput=syslog
> +StandardError=syslog
> +
> +[Install]
> +WantedBy=basic.target
> diff --git a/meta/recipes-extended/iptables/iptables_1.4.21.bb
> b/meta/recipes-extended/iptables/iptables_1.4.21.bb
> index deea5e5..84c95ea 100644
> --- a/meta/recipes-extended/iptables/iptables_1.4.21.bb
> +++ b/meta/recipes-extended/iptables/iptables_1.4.21.bb
> @@ -24,12 +24,14 @@ SRC_URI = "
> http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
>
> file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
> file://0001-fix-build-with-musl.patch \
>
> file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
> \
> +   file://iptables.service \
> +   file://ip6tables.service \
>"
>
>  SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0"
>  SRC_URI[sha256sum] =
> "52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0"
>
> -inherit autotools pkgconfig
> +inherit autotools pkgconfig systemd
>
>  EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
> "
> @@ -46,3 +48,15 @@ do_configure_prepend() {
> # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
> rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4
> ltversion.m4
>  }
> +
> +do_install_append() {
> +install -d ${D}${systemd_unitdir}/system
> +install -m 0644 ${WORKDIR}/ip6tables.service
> ${D}${systemd_unitdir}/system/
> +install -m 0644 ${WORKDIR}/iptables.service
> ${D}${systemd_unitdir}/system/
> +sed -i -e "s,/usr/libexec/iptables,${libexecdir},g" \
> +   ${D}${systemd_unitdir}/system/iptables.service
> +sed -i -e "s,/usr/libexec/iptables,${libexecdir},g" \
> +   ${D}${systemd_unitdir}/system/ip6tables.service
> +}
> +
> +SYSTEMD_SERVICE_${PN} = "iptables.service ip6tables.service"
> --
> 1.8.4.2
>
>
>


[OE-core] [PATCH] iptables: Add systemd support

2016-02-01 Thread Li Xin
Add iptables.service & ip6tables.service to support systemd systems.

Signed-off-by: Li Xin 
---
 .../iptables/iptables/ip6tables.service | 17 +
 .../recipes-extended/iptables/iptables/iptables.service | 17 +
 meta/recipes-extended/iptables/iptables_1.4.21.bb   | 16 +++-
 3 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.service
 create mode 100644 meta/recipes-extended/iptables/iptables/iptables.service

diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.service 
b/meta/recipes-extended/iptables/iptables/ip6tables.service
new file mode 100644
index 000..148a1b9
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/ip6tables.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=IPv6 firewall with ip6tables
+After=syslog.target
+ConditionPathExists=/etc/default/iptables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/iptables/ip6tables.init start
+ExecStop=/usr/libexec/iptables/ip6tables.init stop
+Environment=BOOTUP=serial
+Environment=CONSOLETYPE=serial
+StandardOutput=syslog
+StandardError=syslog
+
+[Install]
+WantedBy=basic.target
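Review bot: `ConditionPathExists=/etc/default/iptables` in the IPv6 unit tests for the IPv4 defaults file, which looks like a copy from iptables.service. The ip6tables.init header posted in the 2015 version of this series lists `config: /etc/default/ip6tables`. A failed `Condition*=` check makes systemd skip the unit without marking it failed, so a missing file means no IPv6 rules are loaded and nothing shows up as a failed unit. If the script reads its own defaults file, the line should be `ConditionPathExists=/etc/default/ip6tables`. Where a missing configuration should be a visible start failure rather than a silent skip, `AssertPathExists=` is the better directive.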
diff --git a/meta/recipes-extended/iptables/iptables/iptables.service 
b/meta/recipes-extended/iptables/iptables/iptables.service
new file mode 100644
index 000..9745c71
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/iptables.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=IPv4 firewall with iptables
+After=syslog.target
+ConditionPathExists=/etc/default/iptables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/iptables/iptables.init start
+ExecStop=/usr/libexec/iptables/iptables.init stop
+Environment=BOOTUP=serial
+Environment=CONSOLETYPE=serial
+StandardOutput=syslog
+StandardError=syslog
+
+[Install]
+WantedBy=basic.target
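Review bot: Nothing in the `[Unit]` section orders this unit ahead of network configuration, so with only `After=syslog.target` and `WantedBy=basic.target` interfaces can come up before the rules are loaded, leaving a window at boot with no filtering. systemd provides `network-pre.target` for firewall services; adding `Before=network-pre.target` and `Wants=network-pre.target` closes that window. The same applies to ip6tables.service in this patch. A short comment above `ExecStart=` stating that the rules must be in place before any interface is configured would record the intent.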
diff --git a/meta/recipes-extended/iptables/iptables_1.4.21.bb 
b/meta/recipes-extended/iptables/iptables_1.4.21.bb
index deea5e5..84c95ea 100644
--- a/meta/recipes-extended/iptables/iptables_1.4.21.bb
+++ b/meta/recipes-extended/iptables/iptables_1.4.21.bb
@@ -24,12 +24,14 @@ SRC_URI = 
"http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \

file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
file://0001-fix-build-with-musl.patch \

file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
+   file://iptables.service \
+   file://ip6tables.service \
   "
 
 SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0"
 SRC_URI[sha256sum] = 
"52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0"
 
-inherit autotools pkgconfig
+inherit autotools pkgconfig systemd
 
 EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
"
@@ -46,3 +48,15 @@ do_configure_prepend() {
# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
 }
+
+do_install_append() {
+install -d ${D}${systemd_unitdir}/system
+install -m 0644 ${WORKDIR}/ip6tables.service ${D}${systemd_unitdir}/system/
+install -m 0644 ${WORKDIR}/iptables.service ${D}${systemd_unitdir}/system/
+sed -i -e "s,/usr/libexec/iptables,${libexecdir},g" \
+   ${D}${systemd_unitdir}/system/iptables.service
+sed -i -e "s,/usr/libexec/iptables,${libexecdir},g" \
+   ${D}${systemd_unitdir}/system/ip6tables.service
+}
+
+SYSTEMD_SERVICE_${PN} = "iptables.service ip6tables.service"
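Review bot: The installed units run `iptables.init` / `ip6tables.init` and are gated on `/etc/default/iptables`, but this patch adds only the two `.service` files to `SRC_URI`, and `do_install_append` installs nothing else. Unless another recipe provides the script and the defaults file, the units are either skipped by their condition or fail at `ExecStart`, and no rules are loaded. Because `SYSTEMD_SERVICE_${PN}` registers both units, an image can then appear to ship a firewall service that does nothing. The `sed` expression also rewrites `/usr/libexec/iptables/iptables.init` to `${libexecdir}/iptables.init`, dropping the `iptables/` subdirectory; please confirm that this is where the script is actually installed.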
-- 
1.8.4.2





[OE-core] [PATCH] iptables: add systemd support.

2015-06-26 Thread Li xin
Add the systemd service files iptables.service and ip6tables.service,
and also add a configuration file.

Signed-off-by: Li Xin lixin.f...@cn.fujitsu.com
---
 .../iptables/iptables/ip6tables.data   |  13 +
 .../iptables/iptables/ip6tables.default|  48 +++
 .../iptables/iptables/ip6tables.init   | 369 +
 .../iptables/iptables/ip6tables.service|  17 +
 .../iptables/iptables/iptables.data|  13 +
 .../iptables/iptables/iptables.default |  48 +++
 .../iptables/iptables/iptables.init| 369 +
 .../iptables/iptables/iptables.service |  17 +
 meta/recipes-extended/iptables/iptables_1.4.21.bb  |  35 +-
 9 files changed, 928 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.data
 create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.default
 create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.init
 create mode 100644 meta/recipes-extended/iptables/iptables/ip6tables.service
 create mode 100644 meta/recipes-extended/iptables/iptables/iptables.data
 create mode 100644 meta/recipes-extended/iptables/iptables/iptables.default
 create mode 100644 meta/recipes-extended/iptables/iptables/iptables.init
 create mode 100644 meta/recipes-extended/iptables/iptables/iptables.service

diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.data 
b/meta/recipes-extended/iptables/iptables/ip6tables.data
new file mode 100644
index 000..0280a80
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/ip6tables.data
@@ -0,0 +1,13 @@
+# Firewall configuration written by system-config-firewall
+# Manual customization of this file is not recommended.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
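Review bot: The `INPUT` and `FORWARD` chains keep an `ACCEPT` policy and depend entirely on the trailing `-j REJECT` rules, so a rule appended later with `-A` lands after the reject and never matches, and flushing a chain leaves it fully open. If the intent is a default-deny baseline, the policy lines could be `:INPUT DROP [0:0]` and `:FORWARD DROP [0:0]`, keeping the REJECT rules only for the ICMPv6 error reply. The header comment says the file was written by system-config-firewall; it should instead state that this is the recipe's shipped default and that it accepts new TCP connections to port 22 from any source.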
diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.default 
b/meta/recipes-extended/iptables/iptables/ip6tables.default
new file mode 100644
index 000..d385911
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/ip6tables.default
@@ -0,0 +1,48 @@
+# Load additional ip6tables modules (nat helpers)
+#   Default: -none-
+# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
+# are loaded after the firewall rules are applied. Options for the helpers are
+# stored in /etc/modprobe.conf.
+IP6TABLES_MODULES=
+
+# Unload modules on restart and stop
+#   Value: yes|no,  default: yes
+# This option has to be 'yes' to get to a sane state for a firewall
+# restart or stop. Only set to 'no' if there are problems unloading netfilter
+# modules.
+IP6TABLES_MODULES_UNLOAD=yes
+
+# Save current firewall rules on stop.
+#   Value: yes|no,  default: no
+# Saves all firewall rules to /etc/sysconfig/ip6tables if firewall gets stopped
+# (e.g. on system shutdown).
+IP6TABLES_SAVE_ON_STOP=no
+
+# Save current firewall rules on restart.
+#   Value: yes|no,  default: no
+# Saves all firewall rules to /etc/sysconfig/ip6tables if firewall gets
+# restarted.
+IP6TABLES_SAVE_ON_RESTART=no
+
+# Save (and restore) rule and chain counter.
+#   Value: yes|no,  default: no
+# Save counters for rules and chains to /etc/sysconfig/ip6tables if
+# 'service ip6tables save' is called or on stop or restart if SAVE_ON_STOP or
+# SAVE_ON_RESTART is enabled.
+IP6TABLES_SAVE_COUNTER=no
+
+# Numeric status output
+#   Value: yes|no,  default: yes
+# Print IP addresses and port numbers in numeric format in the status output.
+IP6TABLES_STATUS_NUMERIC=yes
+
+# Verbose status output
+#   Value: yes|no,  default: yes
+# Print info about the number of packets and bytes plus the input- and
+# outputdevice in the status output.
+IP6TABLES_STATUS_VERBOSE=no
+
+# Status output with numbered lines
+#   Value: yes|no,  default: yes
+# Print a counter/number for every rule in the status output.
+IP6TABLES_STATUS_LINENUMBERS=yes
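Review bot: The comments on the save options name `/etc/sysconfig/ip6tables` as the file the rules are written to, but the ip6tables.init header added in the same commit lists `config: /etc/iptables/ip6tables`, so an administrator reading this file would look for saved rules in the wrong place. The comments should name the path the script really uses, for example `# Saves all firewall rules to /etc/iptables/ip6tables if firewall gets stopped`, once that is confirmed against the script body, which lies outside this view. The `IP6TABLES_STATUS_VERBOSE` comment also states `default: yes` above a shipped value of `no`, and should say which of the two is intended.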
diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.init 
b/meta/recipes-extended/iptables/iptables/ip6tables.init
new file mode 100644
index 000..8411c07
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/ip6tables.init
@@ -0,0 +1,369 @@
+#!/bin/sh
+#
+# ip6tablesStart ip6tables firewall
+#
+# chkconfig: 2345 08 92
+# description: Starts, stops and saves ip6tables firewall
+#
+# config: /etc/iptables/ip6tables
+# config: /etc/default/ip6tables
+#
+### BEGIN INIT INFO
+# Provides: ip6tables
+# Required-Start:
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop ip6tables firewall
+# Description: Start, stop and save ip6tables firewall
+### END INIT INFO
+
+# Source function library.
+. /etc/init.d/functions
+