rpms/iptables/devel iptables.init, 1.12, 1.13 iptables.spec, 1.48, 1.49

Thomas Woerner (twoerner) fedora-extras-commits at redhat.com
Thu Aug 23 14:55:23 UTC 2007


Author: twoerner

Update of /cvs/pkgs/rpms/iptables/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30071

Modified Files:
	iptables.init iptables.spec 
Log Message:
[tw]
- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459)
- provide iptc interface again, but unsupported (rhbz#216733)
- compile all extensions that are supported by the kernel-headers package
- review fixes (rhbz#225906)




Index: iptables.init
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.init,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- iptables.init	23 Apr 2007 18:58:32 -0000	1.12
+++ iptables.init	23 Aug 2007 14:54:50 -0000	1.13
@@ -7,6 +7,16 @@
 #
 # config: /etc/sysconfig/iptables
 # config: /etc/sysconfig/iptables-config
+#
+### BEGIN INIT INFO
+# Provides: iptables
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start:  2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop iptables firewall
+# Description: Start, stop and save iptables firewall
+### END INIT INFO
 
 # Source function library.
 . /etc/init.d/functions
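Review bot: The new LSB header lists only `$local_fs` under `Required-Start` and contains nothing that places the firewall ahead of network bring-up. If start order ends up being computed from these tags rather than from the `chkconfig:` priority line (presumably above this hunk, not visible here), interfaces could be configured before the rules are loaded. It is worth confirming the resulting start priority after `chkconfig --add`, and adding a comment beside the header such as `# must start before the network is brought up`.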
@@ -15,24 +25,15 @@
 IPTABLES_DATA=/etc/sysconfig/$IPTABLES
 IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
 IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
+[ "$IPV" = "ip" ] && _IPV="ipv4" || _IPV="ipv6"
 PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
 VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES
 
 if [ ! -x /sbin/$IPTABLES ]; then
     echo -n $"/sbin/$IPTABLES does not exist."; warning; echo
-    exit 0
+    exit 5
 fi
 
-if lsmod 2>/dev/null | grep -q ipchains ; then
-    echo -n $"ipchains and $IPTABLES can not be used together."; warning; echo
-    exit 0
-fi
-
-# no protocol support, don't try to run
-if [ ! -d /proc/sys/net/ipv4 ]; then
-    exit 0
-fi    
-
 # Old or new modutils
 /sbin/modprobe --version 2>&1 | grep -q module-init-tools \
     && NEW_MODUTILS=1 \
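Review bot: `exit 5` is now returned for every action, including `status`, when `/sbin/$IPTABLES` is missing. LSB defines 5 ("program is not installed") for the non-status actions only; for `status` the codes above 4 are reserved, so callers that interpret the status result get a value outside the defined range. A guard such as `[ "$1" = "status" ] && exit 4` ahead of the `exit 5` would keep both cases within the specification. The `modprobe --version` statement at the end of the hunk continues outside it.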
@@ -59,8 +60,8 @@
     # Get referring modules.
     # New modutils have another output format.
     [ $NEW_MODUTILS = 1 ] \
-	&& ref=`lsmod | awk "/^${mod}/ { print \\\$4; }" | tr ',' ' '` \
-	|| ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`
+	&& ref=$(lsmod | awk "/^${mod}/ { print \$4; }" | tr ',' ' ') \
+	|| ref=$(lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1)
 
     # recursive call for all referring modules
     for i in $ref; do
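Review bot: The module match in both `ref=` lines is an unanchored prefix: `/^${mod}/` and `grep ^${mod}` also select every `lsmod` row whose name merely starts with `$mod` (for `nf_conntrack`, the `nf_conntrack_ipv4` row as well), so the users of those other modules end up in `ref` and are passed to the recursive call. An exact first-field comparison avoids that, e.g. `ref=$(lsmod | awk -v m="$mod" '$1 == m { print $4 }' | tr ',' ' ')`. The `A && B || C` form also runs the old-modutils branch whenever the first pipeline returns non-zero, so an `if`/`else` would state the intent more safely. The function this belongs to starts and ends outside the hunk.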
@@ -84,7 +85,7 @@
     [ -e "$PROC_IPTABLES_NAMES" ] || return 1
 
     # Check if firewall is configured (has tables)
-    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
+    tables=$(cat $PROC_IPTABLES_NAMES 2>/dev/null)
     [ -z "$tables" ] && return 1
 
     echo -n $"Flushing firewall rules: "
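Review bot: `$PROC_IPTABLES_NAMES` is expanded unquoted inside the new `$(...)`, while the `-e` test at the top of this hunk quotes it; `tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)` keeps the two consistent. The same line appears in the hunks at `@@ -117,7`, `@@ -221,7` and in `status()`. The enclosing function starts and ends outside the hunk.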
@@ -117,7 +118,7 @@
     [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
 
     # Check if firewall is configured (has tables)
-    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
+    tables=$(cat $PROC_IPTABLES_NAMES 2>/dev/null)
     [ -z "$tables" ] && return 1
 
     echo -n $"Setting chains to policy $policy: "
@@ -206,8 +207,12 @@
 	ret=0
 	rmmod_r ${IPV}_tables
 	let ret+=$?;
-	rmmod_r ${IPV}_conntrack
+	rmmod_r nf_conntrack_${_IPV}
 	let ret+=$?;
+	# try to unload remaining netfilter modules used by ipv4 and ipv6 
+	# netfilter
+	rmmod_r x_tables
+	rmmod_r nf_conntrack
 	[ $ret -eq 0 ] && success || failure
 	echo
     fi
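Review bot: `rmmod_r x_tables` and `rmmod_r nf_conntrack` act on modules that the added comment itself describes as shared by IPv4 and IPv6 netfilter, and `rmmod_r` (partly visible in an earlier hunk) recurses into every referring module before removing its target. Stopping one of the two services may therefore try to remove modules that the other service's loaded ruleset still depends on. The exit status of both calls is also left out of `ret`, which fits a best-effort attempt but deserves a comment saying so, e.g. `# best effort: expected to fail while the other protocol family is still loaded`. If leaving the other family untouched is the intent, consider skipping these two calls while its `/proc/net/*_tables_names` file still lists tables. The surrounding `if` opens outside the hunk.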
@@ -221,7 +226,7 @@
     [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
 
     # Check if firewall is configured (has tables)
-    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
+    tables=$(cat $PROC_IPTABLES_NAMES 2>/dev/null)
     [ -z "$tables" ] && return 1
 
     echo -n $"Saving firewall rules to $IPTABLES_DATA: "
@@ -230,10 +235,10 @@
     [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
 
     ret=0
-    TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \
+    TMP_FILE=$(/bin/mktemp -q /tmp/$IPTABLES.XXXXXX) \
 	&& chmod 600 "$TMP_FILE" \
 	&& $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
-	&& size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \
+	&& size=$(stat -c '%s' $TMP_FILE) && [ $size -gt 0 ] \
 	|| ret=1
     if [ $ret -eq 0 ]; then
 	if [ -e $IPTABLES_DATA ]; then
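Review bot: `$IPTABLES-save $OPT > $TMP_FILE 2>/dev/null` discards the only diagnostic when the save fails, so the chain falls through to `ret=1` with no reason available to the operator. Consider dropping the `2>/dev/null` or redirecting stderr to the system log so a failed firewall save can be investigated. `$TMP_FILE` is also quoted for `chmod` but not in the redirect or in the `stat` call; quoting all three is consistent. The function continues outside the hunk.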
@@ -254,24 +259,20 @@
 }
 
 status() {
-    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
+    tables=$(cat $PROC_IPTABLES_NAMES 2>/dev/null)
 
     # Do not print status if lockfile is missing and iptables modules are not 
     # loaded.
-    # Check if iptable module is loaded
+    # Check if iptable modules are loaded
     if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$tables" ]; then
 	echo $"Firewall is stopped."
-	return 1
+	return 3
     fi
 
     # Check if firewall is configured (has tables)
-    if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
-	echo $"Firewall is not configured. "
-	return 1
-    fi
-    if [ -z "$tables" ]; then
+    if [ ! -e "$PROC_IPTABLES_NAMES" -o -z "$tables" ]; then
 	echo $"Firewall is not configured. "
-	return 1
+	return 3
     fi
 
     NUM=
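Review bot: The merged second check returns 3 in a case that is reachable only when the lock file exists but no tables are loaded, because the first check has already handled "no lock file and no tables". LSB assigns status code 2 to "dead but lock file exists", so splitting that case out, e.g. `[ -f "$VAR_SUBSYS_IPTABLES" ] && return 2`, would let monitoring tell a firewall that was never started from one whose rules have disappeared. The `-a` and `-o` operators inside `[ ]` are marked obsolescent by POSIX; two separate tests joined with `&&` or `||` are more robust. `status()` continues past the end of the hunk.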
@@ -295,23 +296,29 @@
     start
 }
 
+status >/dev/null 2>&1
+running=$?
+
 case "$1" in
     start)
-	stop
+	[ $running -eq 0 ] && exit 0
 	start
 	RETVAL=$?
 	;;
     stop)
+	[ $running -eq 0 ] || exit 0
 	[ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
 	stop
 	RETVAL=$?
 	;;
-    restart)
+    restart|force-reload)
 	restart
 	RETVAL=$?
 	;;
-    condrestart)
-	[ -e "$VAR_SUBSYS_IPTABLES" ] && restart
+    condrestart|try-restart)
+	[ ! -e "$VAR_SUBSYS_IPTABLES" ] && exit 7
+	restart
+	RETVAL=$?
 	;;
     status)
 	status
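Review bot: `start` now exits 0 as soon as `status` succeeds, so running `start` after editing the rules file no longer loads the new rules (the removed `stop` before `start` did), and nothing is printed to say so. As far as the `status()` hunk shows, `running` depends on tables being loaded rather than on the lock file, so the same early exit is taken when tables were loaded by hand and the saved ruleset is then not applied by `start`. A one-line message before the exit, or a comment pointing users to `restart`, would make this visible. Separately, `exit 7` for `condrestart|try-restart` on a stopped service conflicts with LSB, which counts try-restart on a stopped service as success; `[ ! -e "$VAR_SUBSYS_IPTABLES" ] && exit 0` matches that.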
@@ -328,7 +335,7 @@
 	;;
     *)
 	echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
-	exit 1
+	RETVAL=3
 	;;
 esac
 
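Review bot: The usage string still lists `{start|stop|restart|condrestart|status|panic|save}` although this commit adds `try-restart` and `force-reload` to the case statement; add them so the message matches what is accepted. `RETVAL=3` is LSB's "unimplemented feature" code, while an unrecognised or missing argument maps to 2 ("invalid or excess arguments"), so `RETVAL=2` may be the better fit here. The usage text would also normally be written to stderr with `>&2`. The `exit $RETVAL` that this change relies on is presumably below the hunk.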





