From f7251e7e3a1794d165815ae2c372f75b6352923f Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Wed, 21 Aug 2013 10:36:14 -0400 Subject: [PATCH] add ebtables systemd support --- ebtables.service | 11 +++++++ ebtables.spec | 50 +++++++++++++++++++------------- ebtables.systemd | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 115 insertions(+), 20 deletions(-) create mode 100644 ebtables.service create mode 100644 ebtables.systemd diff --git a/ebtables.service b/ebtables.service new file mode 100644 index 0000000..e0b0162 --- /dev/null +++ b/ebtables.service @@ -0,0 +1,11 @@ +[Unit] +Description=Ethernet Bridge Filtering tables + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/ebtables start +ExecStop=/usr/libexec/ebtables stop + +[Install] +WantedBy=multi-user.target diff --git a/ebtables.spec b/ebtables.spec index 0a91e88..93b6454 100644 --- a/ebtables.spec +++ b/ebtables.spec @@ -2,19 +2,23 @@ Name: ebtables Version: 2.0.10 -Release: 9%{?dist} +Release: 11%{?dist} Summary: Ethernet Bridge frame table administration tool License: GPLv2+ Group: System Environment/Base URL: http://ebtables.sourceforge.net/ Source0: http://downloads.sourceforge.net/ebtables/ebtables-v%{version}-%{ebminor}.tar.gz Source1: ebtables-save -Requires(pre): /sbin/chkconfig -Requires(postun): /sbin/service +Source2: ebtables.systemd +Source3: ebtables.service Patch0: ebtables-2.0.10-norootinst.patch Patch3: ebtables-2.0.9-lsb.patch Patch4: ebtables-2.0.10-linkfix.patch Patch5: ebtables-2.0.0-audit.patch +BuildRequires: systemd-units +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd %description Ethernet bridge tables is a firewalling tool to transparently filter network @@ -43,34 +47,36 @@ MY_CFLAGS=`echo $RPM_OPT_FLAGS -fPIC | sed -e 's/-fstack-protector//g'` make %{?_smp_mflags} CFLAGS="$MY_CFLAGS" LIBDIR="/%{_lib}/ebtables" BINDIR="/sbin" MANDIR="%{_mandir}" %install -mkdir -p $RPM_BUILD_ROOT%{_initrddir} -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig -make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="/%{_lib}/ebtables" BINDIR="/sbin" MANDIR="%{_mandir}" install -touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ebtables.filter -touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ebtables.nat -touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ebtables.broute +mkdir -p %{buildroot}%{_initrddir} +mkdir -p %{buildroot}%{_unitdir} +install -p %{SOURCE3} %{buildroot}%{_unitdir}/ +mkdir -p %{buildroot}%{_libexecdir} +install -m0755 %{SOURCE2} %{buildroot}%{_libexecdir}/ebtables +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig +make DESTDIR="%{buildroot}" LIBDIR="/%{_lib}/ebtables" BINDIR="/sbin" MANDIR="%{_mandir}" install +touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.filter +touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.nat +touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.broute + +# Do not need the sysvinit +rm -rf %{buildroot}%{_initrddir} # install ebtables-save bash script -rm -f $RPM_BUILD_ROOT/sbin/ebtables-save -install %{SOURCE1} $RPM_BUILD_ROOT/sbin/ebtables-save +rm -f %{buildroot}/sbin/ebtables-save +install %{SOURCE1} %{buildroot}/sbin/ebtables-save # move libebtc.so into the ldpath mv %{buildroot}/%{_lib}/ebtables/libebtc.so %{buildroot}/%{_lib}/ %post -/sbin/chkconfig --add ebtables +%systemd_post ebtables.service /sbin/ldconfig %preun -if [ $1 -eq 0 ]; then - /sbin/service ebtables stop &>/dev/null || : - /sbin/chkconfig --del ebtables -fi +%systemd_preun ebtables.service %postun -if [ $1 -ge 1 ]; then - /sbin/service ebtables condrestart &> /dev/null || : -fi +%systemd_postun_with_restart ebtables.service /sbin/ldconfig %files @@ -79,7 +85,8 @@ fi %doc %{_mandir}/man8/ebtables.8* %config(noreplace) %{_sysconfdir}/ethertypes %config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config -%{_initrddir}/ebtables +%{_unitdir}/ebtables.service +%{_libexecdir}/ebtables /%{_lib}/libebtc.so /%{_lib}/ebtables/ /sbin/ebtables* @@ -88,6 +95,9 @@ fi %ghost %{_sysconfdir}/sysconfig/ebtables.broute %changelog +* Wed Aug 21 2013 Tom Callaway - 2.0.10-11 +- convert to systemd + * Sat Aug 03 2013 Fedora Release Engineering - 2.0.10-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild diff --git a/ebtables.systemd b/ebtables.systemd new file mode 100644 index 0000000..bf06d8a --- /dev/null +++ b/ebtables.systemd @@ -0,0 +1,74 @@ +#!/bin/bash + +RETVAL=0 + +initialize() { + # Initialize $TYPE tables + echo -n $" $TYPE tables: " + if [ -r /etc/sysconfig/ebtables.$TYPE ]; then + /sbin/ebtables -t $TYPE --atomic-file /etc/sysconfig/ebtables.$TYPE --atomic-commit > /dev/null || RETVAL=1 + else + echo -n "not configured" + fi + if [ $RETVAL -eq 0 ]; then + echo -n $"[ OK ]" + echo -ne "\r" + else + echo -n $"[FAILED]" + echo -ne "\r" + fi +} + +case $1 in + start) + # Initialize filter tables + TYPE=filter + initialize + + # Initialize NAT tables + echo + TYPE=nat + initialize + + # Initialize broute tables + echo + TYPE=broute + initialize + ;; + stop) + /sbin/ebtables -t filter --init-table || RETVAL=1 + /sbin/ebtables -t nat --init-table || RETVAL=1 + /sbin/ebtables -t broute --init-table || RETVAL=1 + + for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -f1 -d' ') ebtables; do + /sbin/rmmod $mod || RETVAL=1 + done + + if [ $RETVAL -eq 0 ]; then + echo -n $"[ OK ]" + echo -ne "\r" + else + echo -n $"[FAILED]" + echo -ne "\r" + fi + ;; + save) + echo -n $"Saving Ethernet bridge filtering (ebtables): " + /sbin/ebtables -t filter --atomic-file /etc/sysconfig/ebtables.filter --atomic-save || RETVAL=1 + /sbin/ebtables -t nat --atomic-file /etc/sysconfig/ebtables.nat --atomic-save || RETVAL=1 + /sbin/ebtables -t broute --atomic-file /etc/sysconfig/ebtables.broute --atomic-save || RETVAL=1 + if [ $RETVAL -eq 0 ]; then + echo -n $"[ OK ]" + echo -ne "\r" + else + echo -n $"[FAILED]" + echo -ne "\r" + fi + ;; + *) + echo "usage: ${0##*/} {start|stop|save}" >&2 + exit 1 + ;; +esac + +# vim:set ts=2 sw=2 ft=sh et: