
package/iptables: check for rules in init script

Instead of installing an empty rules file, the init script now checks
if the rules file exists and does nothing if it doesn't. The "save"
action is exempt from that limit because it may be used to create the
rules file.

Also fix the shellcheck warning about the unused IPTABLES_ARGS
variable, and use long form options for iptables commands.

Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fiona Klute (WIWA) 5 months ago
parent
commit
475722ea46
3 changed files with 11 additions and 7 deletions
  1. 0 1
      .checkpackageignore
  2. 11 5
      package/iptables/S35iptables
  3. 0 1
      package/iptables/iptables.mk

+ 0 - 1
.checkpackageignore

@@ -584,7 +584,6 @@ package/ipmitool/0002-Fix-enterprise-numbers-URL.patch lib_patch.Upstream
 package/ipmitool/0003-Do-not-require-the-IANA-PEN-registry-file.patch lib_patch.Upstream
 package/ipmitool/0004-configure.ac-allow-disabling-registry-downloads.patch lib_patch.Upstream
 package/iprutils/0001-configure.ac-add-AC_USE_SYSTEM_EXTENSIONS.patch lib_patch.Upstream
-package/iptables/S35iptables Shellcheck
 package/irda-utils/0001-daemon.patch lib_patch.Sob lib_patch.Upstream
 package/irda-utils/0002-nommu.patch lib_patch.Sob lib_patch.Upstream
 package/irda-utils/0003-subdir.patch lib_patch.Sob lib_patch.Upstream

+ 11 - 5
package/iptables/S35iptables

@@ -2,11 +2,18 @@
 
 DAEMON="iptables"
 
-IPTABLES_ARGS=""
+IPTABLES_CONF="/etc/iptables.conf"
+
+# Run only if IPTABLES_CONF exists, except when the action is "save"
+# (which creates it).
+if [ ! -f "${IPTABLES_CONF}" ] && [ "$1" != "save" ]; then
+	echo "${IPTABLES_CONF} does not exist, nothing to do."
+	exit 0
+fi
 
 start() {
 	printf 'Starting %s: ' "$DAEMON"
-	iptables-restore /etc/iptables.conf
+	iptables-restore "$IPTABLES_CONF"
 	status=$?
 	if [ "$status" -eq 0 ]; then
 		echo "OK"
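Review bot: The existence check added ahead of `start()` runs for every action except `save`, so `stop` and `restart` also print "nothing to do" and exit 0 when `/etc/iptables.conf` is missing, leaving whatever rules are currently loaded untouched. It also turns a missing rules file at boot into a success, which on a device that is expected to be filtered hides the fact that no ruleset was applied. Consider scoping the test to `start()`, e.g. `[ -f "$IPTABLES_CONF" ] || { echo "$IPTABLES_CONF does not exist, nothing to do."; return 0; }` as its first line, so `stop` keeps working, and extending the comment with `# A missing rules file means no rules are loaded and the system starts unfiltered.` The action dispatch and the rest of `start()` lie outside this hunk, so how an unknown action behaves when the file is absent should be checked there.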
@@ -18,7 +25,7 @@ start() {
 
 stop() {
 	printf 'Stopping %s: ' "$DAEMON"
-	iptables -F
+	iptables --flush
 	status=$?
 	if [ "$status" -eq 0 ]; then
 		echo "OK"
@@ -30,13 +37,12 @@ stop() {
 
 restart() {
 	stop
-	sleep 1
 	start
 }
 
 save() {
 	printf 'Saving %s: ' "$DAEMON"
-	iptables-save -f /etc/iptables.conf
+	iptables-save --file "$IPTABLES_CONF"
 	status=$?
 	if [ "$status" -eq 0 ]; then
 		echo "OK"

+ 0 - 1
package/iptables/iptables.mk

@@ -59,7 +59,6 @@ endef
 define IPTABLES_INSTALL_INIT_SYSV
 	$(INSTALL) -m 0755 -D package/iptables/S35iptables \
 		$(TARGET_DIR)/etc/init.d/S35iptables
-	touch $(TARGET_DIR)/etc/iptables.conf
 endef
 
 ifeq ($(BR2_PACKAGE_IPTABLES_NFTABLES_DEFAULT),y)