author | Nicholas Vinson <nvinson234@gmail.com> | 2016-06-04 16:41:47 -0700 |
---|---|---|
committer | Göktürk Yüksek <gokturk@gentoo.org> | 2016-07-03 18:00:24 -0400 |
commit | 160075aa919934526da27ff062ecf2fd75d0cf59 (patch) | |
tree | c68c1babb8622202718b2a4d3f4571b27f16cf5a | |
parent | net-firewall/nftables: Remove outdated files (diff) | |
download | gentoo-160075aa919934526da27ff062ecf2fd75d0cf59.tar.gz gentoo-160075aa919934526da27ff062ecf2fd75d0cf59.tar.bz2 gentoo-160075aa919934526da27ff062ecf2fd75d0cf59.zip |
net-firewall/nftables: Update support & service files
- remove extraneous "exit $?" from files/libexec/nftables.sh
- rename nftables.init-r2 to nftables.init
- recreate & rewrite files/systemd/nftables.service into a proper systemd service
- Update nftables-0.6.ebuild to use new file names.
Package-Manager: portage-2.3.0_rc1
-rwxr-xr-x | net-firewall/nftables/files/libexec/nftables.sh | 1 | ||||
-rw-r--r-- | net-firewall/nftables/files/nftables.init (renamed from net-firewall/nftables/files/nftables.init-r2) | 4 | ||||
-rw-r--r-- | net-firewall/nftables/files/systemd/nftables-restore.service | 14 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-0.6-r1.ebuild (renamed from net-firewall/nftables/nftables-0.6.ebuild) | 24 |
4 files changed, 36 insertions, 7 deletions
diff --git a/net-firewall/nftables/files/libexec/nftables.sh b/net-firewall/nftables/files/libexec/nftables.sh
index 2d8c9f04d69d..f720b9bfc514 100755
--- a/net-firewall/nftables/files/libexec/nftables.sh
+++ b/net-firewall/nftables/files/libexec/nftables.sh
@@ -147,4 +147,3 @@ deletetable() {
 }
 main "$@"
-exit $?
diff --git a/net-firewall/nftables/files/nftables.init-r2 b/net-firewall/nftables/files/nftables.init
index 5a59fbc00387..217251e41db4 100644
--- a/net-firewall/nftables/files/nftables.init-r2
+++ b/net-firewall/nftables/files/nftables.init
@@ -1,6 +1,6 @@
 #!/sbin/openrc-run
-# Copyright 2014 Nicholas Vinson
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 2014-2016 Nicholas Vinson
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 extra_commands="clear list panic save"
diff --git a/net-firewall/nftables/files/systemd/nftables-restore.service b/net-firewall/nftables/files/systemd/nftables-restore.service
new file mode 100644
index 000000000000..61eaee261c68
--- /dev/null
+++ b/net-firewall/nftables/files/systemd/nftables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Store and restore nftables firewall rules
+ConditionPathExists=/var/lib/nftables-rules-save
+Before=network.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/nftables/nftables.sh load /var/lib/nftables/rules-save
+ExecStop=/usr/libexec/nftables/nftables.sh store /var/lib/nftables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/nftables/nftables-0.6.ebuild b/net-firewall/nftables/nftables-0.6-r1.ebuild
index d97df4d2716f..550c6da95816 100644
--- a/net-firewall/nftables/nftables-0.6.ebuild
+++ b/net-firewall/nftables/nftables-0.6-r1.ebuild
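Review bot: `ConditionPathExists=/var/lib/nftables-rules-save` in nftables-restore.service names a different path from the `/var/lib/nftables/rules-save` that ExecStart and ExecStop use, and that pkg_postinst in nftables-0.6-r1.ebuild tells the user to create. With the file created as instructed the condition still fails, systemd skips the unit without marking it failed, and the host boots with no ruleset loaded. The line should read `ConditionPathExists=/var/lib/nftables/rules-save`. Separately, `Before=network.target` does not by itself guarantee the rules are in place before interfaces are configured; `Wants=network-pre.target` together with `Before=network-pre.target` is the ordering systemd provides for firewall units.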
@@ -57,12 +57,28 @@ src_install() {
 default
 dodir /usr/libexec/${PN}
- insinto /usr/libexec/${PN}
- doins /usr/libexec/${PN}/${PN}.sh
+ exeinto /usr/libexec/${PN}
+ doexe "${FILESDIR}"/libexec/${PN}.sh
 newconfd "${FILESDIR}"/${PN}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}.init-r2 ${PN}
+ newinitd "${FILESDIR}"/${PN}.init ${PN}
 keepdir /var/lib/nftables
- systemd_dounit "${FILESDIR}"/systemd/${PN}{,-{re,}store}.service
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+ systemd_enable_service basic.target ${PN}-restore.service
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}var/lib/nftables/rules-save"
+
+ elog "In order for the nftables-restore systemd service to start, "
+ elog "the file, ${save_file}, must exist. To create this "
+ elog "file run the following command: "
+ elog ""
+ elog " touch '${save_file}'"
+ elog ""
+ elog "Afterwards, the nftables-restore service should be manually started "
+ elog "to ensure firewall changes are stored on system shutdown. The "
+ elog "systemd service will function normally thereafter."
 }
|
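Review bot: The pkg_postinst message tells the user to `touch` the save file and then start the service, which makes ExecStart run `nftables.sh load` on an empty file; if `load` flushes before loading (its body is not in this diff), that first start would clear the running ruleset. Pointing the user at the store action instead avoids loading an empty file, for example `elog "    /usr/libexec/${PN}/${PN}.sh store '${save_file}'"`, assuming `store` creates the file when it is missing. `touch` also creates the file under the caller's umask, so the saved ruleset may end up world-readable; a `umask 077` hint in the message would cover that. src_install begins above this hunk.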