diff options
4 files changed, 36 insertions, 4 deletions
diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.rules b/meta/recipes-extended/iptables/iptables/ip6tables.rules new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/ip6tables.rules diff --git a/meta/recipes-extended/iptables/iptables/ip6tables.service b/meta/recipes-extended/iptables/iptables/ip6tables.service new file mode 100644 index 0000000000..6c059fca49 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/ip6tables.service @@ -0,0 +1,13 @@ +[Unit] +Description=IPv6 Packet Filtering Framework +Before=network-pre.target +Wants=network-pre.target + +[Service] +Type=oneshot +ExecStart=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules +ExecReload=@SBINDIR@/ip6tables-restore -w -- @RULESDIR@/ip6tables.rules +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-extended/iptables/iptables/iptables.service b/meta/recipes-extended/iptables/iptables/iptables.service index 5a8aa3f298..0eb3c343de 100644 --- a/meta/recipes-extended/iptables/iptables/iptables.service +++ b/meta/recipes-extended/iptables/iptables/iptables.service @@ -1,12 +1,12 @@ [Unit] -Description=Packet Filtering Framework +Description=IPv4 Packet Filtering Framework Before=network-pre.target Wants=network-pre.target [Service] Type=oneshot -ExecStart=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules -ExecReload=@SBINDIR@/iptables-restore @RULESDIR@/iptables.rules +ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules +ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules RemainAfterExit=yes [Install] diff --git a/meta/recipes-extended/iptables/iptables_1.8.3.bb b/meta/recipes-extended/iptables/iptables_1.8.3.bb index 73680207b4..96d195d9d0 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.3.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.3.bb @@ -13,11 +13,16 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ file://iptables.service \ file://iptables.rules \ + file://ip6tables.service \ + file://ip6tables.rules \ " SRC_URI[md5sum] = "29de711d15c040c402cf3038c69ff513" SRC_URI[sha256sum] = "a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80" -SYSTEMD_SERVICE_${PN} = "iptables.service" +SYSTEMD_SERVICE_${PN} = "\ + iptables.service \ + ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'ip6tables.service', '', d)} \ +" inherit autotools pkgconfig systemd @@ -51,6 +56,16 @@ do_install_append() { -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ ${D}${systemd_system_unitdir}/iptables.service + + if ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'true', 'false', d)} ; then + install -m 0644 ${WORKDIR}/ip6tables.rules ${D}${IPTABLES_RULES_DIR} + install -m 0644 ${WORKDIR}/ip6tables.service ${D}${systemd_system_unitdir} + + sed -i \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \ + ${D}${systemd_system_unitdir}/ip6tables.service + fi } PACKAGES += "${PN}-modules" @@ -75,6 +90,10 @@ RRECOMMENDS_${PN} = " \ kernel-module-nf-conntrack-ipv4 \ kernel-module-nf-nat \ kernel-module-ipt-masquerade \ + ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', '\ + kernel-module-ip6table-filter \ + kernel-module-ip6-tables \ + ', '', d)} \ " FILES_${PN} += "${datadir}/xtables" |