Diffstat (limited to 'net-firewall')
-rwxr-xr-xnet-firewall/nftables/files/libexec/nftables.sh1
-rw-r--r--net-firewall/nftables/files/nftables.init (renamed from net-firewall/nftables/files/nftables.init-r2)4
-rw-r--r--net-firewall/nftables/files/systemd/nftables-restore.service14
-rw-r--r--net-firewall/nftables/nftables-0.6-r1.ebuild (renamed from net-firewall/nftables/nftables-0.6.ebuild)24
4 files changed, 36 insertions, 7 deletions
diff --git a/net-firewall/nftables/files/libexec/nftables.sh b/net-firewall/nftables/files/libexec/nftables.sh
index 2d8c9f04d69d..f720b9bfc514 100755
--- a/net-firewall/nftables/files/libexec/nftables.sh
+++ b/net-firewall/nftables/files/libexec/nftables.sh
@@ -147,4 +147,3 @@ deletetable() {
}
main "$@"
-exit $?
diff --git a/net-firewall/nftables/files/nftables.init-r2 b/net-firewall/nftables/files/nftables.init
index 5a59fbc00387..217251e41db4 100644
--- a/net-firewall/nftables/files/nftables.init-r2
+++ b/net-firewall/nftables/files/nftables.init
@@ -1,6 +1,6 @@
#!/sbin/openrc-run
-# Copyright 2014 Nicholas Vinson
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 2014-2016 Nicholas Vinson
+# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
extra_commands="clear list panic save"
diff --git a/net-firewall/nftables/files/systemd/nftables-restore.service b/net-firewall/nftables/files/systemd/nftables-restore.service
new file mode 100644
index 000000000000..61eaee261c68
--- /dev/null
+++ b/net-firewall/nftables/files/systemd/nftables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Store and restore nftables firewall rules
+ConditionPathExists=/var/lib/nftables-rules-save
+Before=network.target
+Before=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/nftables/nftables.sh load /var/lib/nftables/rules-save
+ExecStop=/usr/libexec/nftables/nftables.sh store /var/lib/nftables/rules-save
+
+[Install]
+WantedBy=basic.target
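Review bot: `ConditionPathExists=/var/lib/nftables-rules-save` does not match the path the unit loads and stores in `ExecStart`/`ExecStop`, `/var/lib/nftables/rules-save`, so the condition tests a file that nothing in this commit creates. A failed condition skips the unit quietly instead of marking it failed, so the host can boot with no ruleset restored and no error in the unit state. The line should read `ConditionPathExists=/var/lib/nftables/rules-save`. Separately, `Before=network.target` does not guarantee the rules are loaded before interfaces are configured; systemd provides `network-pre.target` for firewall units, so consider `Wants=network-pre.target` together with `Before=network-pre.target`.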
diff --git a/net-firewall/nftables/nftables-0.6.ebuild b/net-firewall/nftables/nftables-0.6-r1.ebuild
index d97df4d2716f..550c6da95816 100644
--- a/net-firewall/nftables/nftables-0.6.ebuild
+++ b/net-firewall/nftables/nftables-0.6-r1.ebuild
@@ -57,12 +57,28 @@ src_install() {
default
dodir /usr/libexec/${PN}
- insinto /usr/libexec/${PN}
- doins /usr/libexec/${PN}/${PN}.sh
+ exeinto /usr/libexec/${PN}
+ doexe "${FILESDIR}"/libexec/${PN}.sh
newconfd "${FILESDIR}"/${PN}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}.init-r2 ${PN}
+ newinitd "${FILESDIR}"/${PN}.init ${PN}
keepdir /var/lib/nftables
- systemd_dounit "${FILESDIR}"/systemd/${PN}{,-{re,}store}.service
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+ systemd_enable_service basic.target ${PN}-restore.service
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}var/lib/nftables/rules-save"
+
+ elog "In order for the nftables-restore systemd service to start, "
+ elog "the file, ${save_file}, must exist. To create this "
+ elog "file run the following command: "
+ elog ""
+ elog " touch '${save_file}'"
+ elog ""
+ elog "Afterwards, the nftables-restore service should be manually started "
+ elog "to ensure firewall changes are stored on system shutdown. The "
+ elog "systemd service will function normally thereafter."
}
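Review bot: The `touch '${save_file}'` advice in pkg_postinst creates an empty file with whatever mode the administrator's umask gives, and the first start of the service then runs `nftables.sh load` on that empty file. What `load` does with an empty file is not visible here, so confirm that it leaves the running ruleset untouched rather than flushing it, and state that in the message. Because a saved ruleset describes the host's filtering policy, I would also suggest a restrictive mode in the instruction, for example `elog "    install -m 0600 /dev/null '${save_file}'"`, unless the store path already sets one. src_install begins outside the hunk, so only its tail is reviewed here.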