package/iptables: check for rules in init script

Instead of installing an empty rules file, the init script now checks
if the rules file exists and does nothing if it doesn't. The "save"
action is exempt from that limit because it may be used to create the
rules file.

Also fix the shellcheck warning about the unused IPTABLES_ARGS
variable, and use long form options for iptables commands.

Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>

.checkpackageignore

@@ -584,7 +584,6 @@ package/ipmitool/0002-Fix-enterprise-numbers-URL.patch lib_patch.Upstream
 package/ipmitool/0003-Do-not-require-the-IANA-PEN-registry-file.patch lib_patch.Upstream
 package/ipmitool/0004-configure.ac-allow-disabling-registry-downloads.patch lib_patch.Upstream
 package/iprutils/0001-configure.ac-add-AC_USE_SYSTEM_EXTENSIONS.patch lib_patch.Upstream
-package/iptables/S35iptables Shellcheck
 package/irda-utils/0001-daemon.patch lib_patch.Sob lib_patch.Upstream
 package/irda-utils/0002-nommu.patch lib_patch.Sob lib_patch.Upstream
 package/irda-utils/0003-subdir.patch lib_patch.Sob lib_patch.Upstream

package/iptables/S35iptables

@@ -2,11 +2,18 @@
 
 DAEMON="iptables"
 
-IPTABLES_ARGS=""
+IPTABLES_CONF="/etc/iptables.conf"
+
+# Run only if IPTABLES_CONF exists, except when the action is "save"
+# (which creates it).
+if [ ! -f "${IPTABLES_CONF}" ] && [ "$1" != "save" ]; then
+	echo "${IPTABLES_CONF} does not exist, nothing to do."
+	exit 0
+fi
 
 start() {
 	printf 'Starting %s: ' "$DAEMON"
-	iptables-restore /etc/iptables.conf
+	iptables-restore "$IPTABLES_CONF"
 	status=$?
 	if [ "$status" -eq 0 ]; then
 		echo "OK"
@@ -18,7 +25,7 @@ start() {
 
 stop() {
 	printf 'Stopping %s: ' "$DAEMON"
-	iptables -F
+	iptables --flush
 	status=$?
 	if [ "$status" -eq 0 ]; then
 		echo "OK"
@@ -30,13 +37,12 @@ stop() {
 
 restart() {
 	stop
-	sleep 1
 	start
 }
 
 save() {
 	printf 'Saving %s: ' "$DAEMON"
-	iptables-save -f /etc/iptables.conf
+	iptables-save --file "$IPTABLES_CONF"
 	status=$?
 	if [ "$status" -eq 0 ]; then
 		echo "OK"

package/iptables/iptables.mk

@@ -59,7 +59,6 @@ endef
 define IPTABLES_INSTALL_INIT_SYSV
 	$(INSTALL) -m 0755 -D package/iptables/S35iptables \
 		$(TARGET_DIR)/etc/init.d/S35iptables
-	touch $(TARGET_DIR)/etc/iptables.conf
 endef
 
 ifeq ($(BR2_PACKAGE_IPTABLES_NFTABLES_DEFAULT),y)