[Buildroot] [PATCH] package/iptables: add init script

Nicolas Cavallari nicolas.cavallari at green-communications.fr
Tue Sep 14 11:03:49 UTC 2021


On 14/09/2021 11:46, José Pekkarinen wrote:
> This patch will add an init script that allows
> to set a ruleset in /etc/iptables.conf to be loaded
> on boot, or flushed on stop, as well as a saving
> command to generate a new file.
> 
> Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
> ---
>   package/iptables/S41iptables | 58 ++++++++++++++++++++++++++++++++++++
>   package/iptables/iptables.mk |  6 ++++
>   2 files changed, 64 insertions(+)
>   create mode 100644 package/iptables/S41iptables
> 
> diff --git a/package/iptables/S41iptables b/package/iptables/S41iptables
> new file mode 100644
> index 0000000000..93998b78de
> --- /dev/null
> +++ b/package/iptables/S41iptables

Regardless of whether the maintainers want this in buildroot or not, it 
does not make sense to start this after S40network;
Ideally, the firewall should be enabled before even enabling any network 
interface.

It is even debatable if the firewall should be disabled when shutting 
down, or just left enabled.

(also, iptables is deprecated in favor of nftables)


More information about the buildroot mailing list