author | 2012-09-14 17:58:26 +0000 | |
---|---|---|
committer | 2012-09-14 17:58:26 +0000 | |
commit | af8ffdf2d286971d8f4f4bd432775fd138a3d00d (patch) | |
tree | e6186125dbe4cb11f7add60d4037acfcb215c72a /net-firewall/iptables | |
parent | version bump, solving bug #398073. (diff) | |
fixed init script to ensure rules save path will always exist on save
(Portage version: 2.1.11.9/cvs/Linux x86_64)
Diffstat (limited to 'net-firewall/iptables')
-rw-r--r-- | net-firewall/iptables/ChangeLog | 12 | ||||
-rw-r--r-- | net-firewall/iptables/files/iptables-1.4.13-r1.init | 116 | ||||
-rw-r--r-- | net-firewall/iptables/iptables-1.4.13-r2.ebuild (renamed from net-firewall/iptables/iptables-1.4.13-r1.ebuild) | 6 | ||||
-rw-r--r-- | net-firewall/iptables/iptables-1.4.14-r1.ebuild (renamed from net-firewall/iptables/iptables-1.4.14.ebuild) | 6 | ||||
-rw-r--r-- | net-firewall/iptables/iptables-1.4.15-r1.ebuild (renamed from net-firewall/iptables/iptables-1.4.15.ebuild) | 6 |
5 files changed, 136 insertions, 10 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog index 1cb1e10c91f4..e801648b31f0 100644 --- a/net-firewall/iptables/ChangeLog +++ b/net-firewall/iptables/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for net-firewall/iptables # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.274 2012/08/01 06:46:28 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.275 2012/09/14 17:58:26 axs Exp $ + +*iptables-1.4.15-r1 (14 Sep 2012) +*iptables-1.4.14-r1 (14 Sep 2012) +*iptables-1.4.13-r2 (14 Sep 2012) + + 14 Sep 2012; Ian Stakenvicius <axs@gentoo.org> -iptables-1.4.13-r1.ebuild, + +iptables-1.4.13-r2.ebuild, +files/iptables-1.4.13-r1.init, + -iptables-1.4.14.ebuild, +iptables-1.4.14-r1.ebuild, -iptables-1.4.15.ebuild, + +iptables-1.4.15-r1.ebuild: + fixed init script to ensure rules save path will always exist on save *iptables-1.4.15 (01 Aug 2012) diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init new file mode 100644 index 000000000000..6806bc9c7282 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init 
@@ -0,0 +1,116 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13-r1.init,v 1.1 2012/09/14 17:58:26 axs Exp $
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
+ iptables_name="iptables"
+fi
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + checkkernel || return 1 + ebegin "Stopping firewall" + local a + for a in $(cat ${iptables_proc}) ; do + set_table_policy $a ACCEPT + + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? +} + +reload() { + checkkernel || return 1 + ebegin "Flushing firewall" + local a + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? + + start +} + +save() { + ebegin "Saving ${iptables_name} state" + checkpath -q -d "$(dirname "${iptables_save}")" + checkpath -q -m 0600 -f "${iptables_save}" + ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" + eend $? +} + +panic() { + checkkernel || return 1 + if service_started ${iptables_name}; then + rc-service ${iptables_name} stop + fi + + local a + ebegin "Dropping all packets" + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + + set_table_policy $a DROP + done + eend $? +} diff --git a/net-firewall/iptables/iptables-1.4.13-r1.ebuild b/net-firewall/iptables/iptables-1.4.13-r2.ebuild index a3dc977cded1..8a04b2d3b070 100644 --- a/net-firewall/iptables/iptables-1.4.13-r1.ebuild +++ b/net-firewall/iptables/iptables-1.4.13-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.13-r1.ebuild,v 1.2 2012/06/26 04:36:01 zmedico Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.13-r2.ebuild,v 1.1 2012/09/14 17:58:26 axs Exp $ EAPI="4" 
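Review bot: In `save()` the `>` redirect truncates `${iptables_save}` before `${iptables_bin}-save` has written anything, so a failed dump replaces the last good ruleset with an empty file. `checkconfig()` only tests `-f`, so the next `start` would hand that empty file to `${iptables_bin}-restore`, which presumably brings the host up without its rules. `stop()` makes this reachable by calling `save` ahead of `checkkernel` when `SAVE_ON_STOP` is `yes`. Dumping to a temporary file in the same directory and renaming it over the target only on success keeps the previous ruleset intact.

```shell
save() {
	# … unchanged: ebegin, checkpath -q -d on the parent directory …
	# Dump to a temporary file so a failed save never truncates the
	# existing ruleset; mktemp creates the file with mode 0600.
	local tmp
	tmp=$(mktemp "${iptables_save}.XXXXXX") || { eend 1 ; return 1 ; }
	if ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${tmp}" ; then
		mv -f "${tmp}" "${iptables_save}"
	else
		rm -f "${tmp}"
		false
	fi
	eend $?
}
```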
@@ -68,11 +68,11 @@ src_install() { doins include/iptables/internal.h keepdir /var/lib/iptables - newinitd "${FILESDIR}"/${PN}-1.4.13.init iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables if use ipv6 ; then keepdir /var/lib/ip6tables - newinitd "${FILESDIR}"/iptables-1.4.13.init ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables fi diff --git a/net-firewall/iptables/iptables-1.4.14.ebuild b/net-firewall/iptables/iptables-1.4.14-r1.ebuild index 3160adf8a117..99a9db6ba319 100644 --- a/net-firewall/iptables/iptables-1.4.14.ebuild +++ b/net-firewall/iptables/iptables-1.4.14-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.14.ebuild,v 1.1 2012/07/23 01:52:34 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.14-r1.ebuild,v 1.1 2012/09/14 17:58:26 axs Exp $ EAPI="4" @@ -67,11 +67,11 @@ src_install() { doins include/iptables/internal.h keepdir /var/lib/iptables - newinitd "${FILESDIR}"/${PN}-1.4.13.init iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables if use ipv6 ; then keepdir /var/lib/ip6tables - newinitd "${FILESDIR}"/iptables-1.4.13.init ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables fi diff --git a/net-firewall/iptables/iptables-1.4.15.ebuild b/net-firewall/iptables/iptables-1.4.15-r1.ebuild index 6364fae64b87..078c2dc3032b 100644 --- a/net-firewall/iptables/iptables-1.4.15.ebuild +++ b/net-firewall/iptables/iptables-1.4.15-r1.ebuild 
@@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.15.ebuild,v 1.1 2012/08/01 06:46:28 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.15-r1.ebuild,v 1.1 2012/09/14 17:58:26 axs Exp $ EAPI="4" @@ -67,11 +67,11 @@ src_install() { doins include/iptables/internal.h keepdir /var/lib/iptables - newinitd "${FILESDIR}"/${PN}-1.4.13.init iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables if use ipv6 ; then keepdir /var/lib/ip6tables - newinitd "${FILESDIR}"/iptables-1.4.13.init ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables fi |