[Buildroot] [PATCH] package/iptables: add init script
José Pekkarinen
jose.pekkarinen at unikie.com
Tue Sep 14 11:35:06 UTC 2021
On Tue, Sep 14, 2021 at 2:05 PM Nicolas Cavallari <nicolas.cavallari at green-communications.fr> wrote:
> On 14/09/2021 11:46, José Pekkarinen wrote:
> > This patch will add an init script that allows
> > a ruleset in /etc/iptables.conf to be loaded
> > on boot, or flushed on stop, as well as a saving
> > command to generate a new file.
> >
> > Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
> > ---
> > package/iptables/S41iptables | 58 ++++++++++++++++++++++++++++++++++++
> > package/iptables/iptables.mk | 6 ++++
> > 2 files changed, 64 insertions(+)
> > create mode 100644 package/iptables/S41iptables
> >
> > diff --git a/package/iptables/S41iptables b/package/iptables/S41iptables
> > new file mode 100644
> > index 0000000000..93998b78de
> > --- /dev/null
> > +++ b/package/iptables/S41iptables
>
> Regardless of whether the maintainers want this in Buildroot or not, it
> does not make sense to start this after S40network.
> Ideally, the firewall should be enabled before even enabling any network
> interface.
>
> It is even debatable if the firewall should be disabled when shutting
> down, or just left enabled.
>
> (also, iptables is deprecated in favor of nftables)
>
Hi,
Thanks for the very valid points. I don't have any problem
with moving the name to any other number before 40 on demand. Re
the deprecation, I'm not sure if the tools are going away, since I believe
there is a backward compatibility layer in place, but certainly, if it is
requested, I can bake something similar for nftables and be done.
Best regards.
José.
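
Added example, not part of the original message or the patch: a check for the ordering point raised in the review, that rules should be loaded before S40network brings interfaces up. It relies on Buildroot's default rcS running /etc/init.d/S??* in lexical order; the function name `check_fw_order` and the grep pattern used to recognise a rule-loading script are assumptions.

```shell
#!/bin/sh
# check_fw_order DIR [NETWORK_SCRIPT]
# Walks the S??* scripts in DIR (for example target/etc/init.d in a built
# rootfs) and reports whether each script that loads firewall rules sorts
# before the network script.
# Returns 0 if all are early enough, 1 if any runs late, 2 if nothing to check.
check_fw_order() {
    fw_dir=$1
    fw_net=${2:-S40network}
    fw_found=0
    fw_status=0

    [ -e "$fw_dir/$fw_net" ] || { echo "no $fw_net in $fw_dir"; return 2; }

    for fw_path in "$fw_dir"/S??*; do
        [ -f "$fw_path" ] || continue
        fw_name=${fw_path##*/}
        # Assumption: a rule-loading script calls one of these tools.
        grep -Eq '(ip6?tables-restore|nft[[:space:]]+-f)' "$fw_path" || continue
        fw_found=1
        # Byte-wise sort, so the result does not depend on the host locale.
        fw_first=$(printf '%s\n%s\n' "$fw_name" "$fw_net" | LC_ALL=C sort | head -n 1)
        if [ "$fw_first" = "$fw_name" ] && [ "$fw_name" != "$fw_net" ]; then
            echo "ok:   $fw_name runs before $fw_net"
        else
            echo "late: $fw_name runs after $fw_net (interfaces come up unfiltered)"
            fw_status=1
        fi
    done

    [ "$fw_found" -eq 1 ] || { echo "no rule-loading script in $fw_dir"; return 2; }
    return "$fw_status"
}

# Run directly as: sh check_fw_order.sh path/to/etc/init.d
if [ -n "${1:-}" ]; then
    check_fw_order "$@"
fi
```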