aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2020-01-04 17:14:24 +0100
committerJakub Jirutka <jakub@jirutka.cz>2020-01-04 17:21:42 +0100
commit239ecb16b43a14761e151222bf8f9cd99825d15f (patch)
treebb4209049ad12aa1fd7a702680494052253aa231
parent12bb17de3742c8c60d2802aaf4a7469fd1d74aea (diff)
downloadaports-239ecb16b43a14761e151222bf8f9cd99825d15f.tar.bz2
aports-239ecb16b43a14761e151222bf8f9cd99825d15f.tar.xz
main/nftables: change default rules_file location and save_on_stop
-rw-r--r--main/nftables/APKBUILD4
-rw-r--r--main/nftables/nftables.confd6
-rw-r--r--main/nftables/nftables.initd4
-rw-r--r--main/nftables/nftables.post-upgrade18
4 files changed, 24 insertions, 8 deletions
diff --git a/main/nftables/APKBUILD b/main/nftables/APKBUILD
index 3e1b803663..dcd4703a69 100644
--- a/main/nftables/APKBUILD
+++ b/main/nftables/APKBUILD
@@ -56,6 +56,6 @@ package() {
}
sha512sums="d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43 nftables-0.9.3.tar.bz2
-4eb1adf003dfcaad65c91af6ca88d91b7904c471aefae67e7d3c2f8e053e1ac196d3437a45d1fed5a855b876a0f1fc58a724e381d2acf1164d9120cadee73eef nftables.confd
-58daafb012b7cd0248a7db6e10f6a667e683347aaea7eaa78cb88780272f334e00913cea3fd39a22a4a72acc27fabd101944b40916f4b534ddeb509bd0232017 nftables.initd
+cca875473bbd7b2326afcaeec84b1f9826afb70fc67381a64f3ad104a13a314bd2c352e0fac1f602b9980edb2818bf6242373aa1634ce17bcc1d82eeb8b05b39 nftables.confd
+8bb5781fcccf64c6fd074c5fccf8a4aa93b7cb69fc8e58c6cf359e2367a6627e9cf616df1e8bf80171b09f4a9aab1b7296e2edfda0dac138c1cc6201b8d2da8b nftables.initd
059e0920517ff9f9c564bdfda6a06e8392a2755c01f8d0331a8577fd027713948d3f1e2cbe9da5077870181dc9e425d8c69e4c82ea6ee261fced4ab61aff3ad4 nftables.nft"
diff --git a/main/nftables/nftables.confd b/main/nftables/nftables.confd
index 87fa8f2eae..f01275947f 100644
--- a/main/nftables/nftables.confd
+++ b/main/nftables/nftables.confd
@@ -2,13 +2,13 @@
# Location of file with nftables rules to restore on service start,
# and save rules to on service stop when $save_on_stop is enabled.
-#rules_file="/etc/firewall.nft"
+#rules_file="/etc/nftables.nft"
# Options to pass to nft on save.
#save_options="-n"
-# Save state on stopping nftables.
-#save_on_stop="yes"
+# Save state on stopping nftables (this will overwrite $rules_file).
+#save_on_stop="no"
# Enable IPv4/IPv6 forwarding with the rules?
# Note: If you want to enable forwarding only on selected interfaces,
diff --git a/main/nftables/nftables.initd b/main/nftables/nftables.initd
index c763b395dd..62d0e8496e 100644
--- a/main/nftables/nftables.initd
+++ b/main/nftables/nftables.initd
@@ -13,9 +13,9 @@ description_panic="Immediately drop all packets on all interfaces."
description_reload="Clear current rulesets and load rulesets from the saved ruleset files."
# Uppercase variables are there for backward compatibility.
-: ${rules_file:=${NFTABLES_SAVE:="/etc/firewall.nft"}}
+: ${rules_file:=${NFTABLES_SAVE:="/etc/nftables.nft"}}
: ${save_options:=${SAVE_OPTIONS:="-n"}}
-: ${save_on_stop:=${SAVE_ON_STOP:="yes"}}
+: ${save_on_stop:=${SAVE_ON_STOP:="no"}}
: ${enable_forwarding:="no"}
depend() {
diff --git a/main/nftables/nftables.post-upgrade b/main/nftables/nftables.post-upgrade
index c360ec44f3..8ab77c096d 100644
--- a/main/nftables/nftables.post-upgrade
+++ b/main/nftables/nftables.post-upgrade
@@ -14,6 +14,22 @@ if [ "$(apk version -t "$ver_old" "0.8.3-r1")" = "<" ]; then
fi
fi
+# I made a mistake before, the new default location was /etc/firewall.nft, not
+# /etc/nftables.nft. Now I changed it to /etc/nftables.nft (same as Arch Linux),
+# so if /etc/firewall.nft exists and /etc/nftables.nft didn't exist, copy
+# /etc/firewall.nft to /etc/nftables.nft to not break existing setup.
if [ "$(apk version -t "$ver_old" "0.9.3-r2")" = "<" ]; then
- echo '* Note that /etc/nftables/ was moved to /usr/share/nftables/.' >&2
+ old_file='/etc/firewall.nft'
+ new_file='/etc/nftables.nft'
+
+ cat >&2 <<-EOF
+ * The default rules_file was changed to $new_file and
+ * save_on_stop disabled!
+ * Also note that /etc/nftables/ was moved to /usr/share/nftables/.
+ EOF
+
+ if [ -f "$old_file" ] && [ ! -f "$new_file.apk-new" ]; then
+ echo "* Copying $old_file to $new_file" >&2
+ cp -a "$old_file" "$new_file"
+ fi
fi