Diffstat (limited to 'files/etc/init.d/container_init')
-rwxr-xr-x | files/etc/init.d/container_init | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/files/etc/init.d/container_init b/files/etc/init.d/container_init
new file mode 100755
index 0000000..386dcbd
--- /dev/null
+++ b/files/etc/init.d/container_init
@@ -0,0 +1,47 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018 Mikael Magnusson
+
+START=15
+
+log_output() {
+ logger -t container_init "$@"
+}
+
+boot() {
+ # Only execute for lxc containers
+ if [ "$container" != "lxc" ]; then
+ exit 0
+ fi
+
+ local disable_ipv6="$(uci_get firewall @defaults[0] disable_ipv6 false)"
+ case "$disable_ipv6" in
+ '0'|'no'|'off'|'false'|'disabled') disable_ipv6=false ;;
+ '1'|'yes'|'on'|'true'|'enabled') disable_ipv6=true ;;
+ esac
+
+ tables='filter nat mangle raw'
+ res=0
+ for table in $tables; do
+ iptables -n -t $table -L >/dev/null 2>/dev/null
+ if ! grep $table /proc/net/ip_tables_names >/dev/null; then
+ log_output -p daemon.crit "ip $table load failed"
+ res=1
+ fi
+
+ if [ "$disable_ipv6" = "false" ]; then
+ ip6tables -n -t $table -L >/dev/null 2>/dev/null
+ if ! grep $table /proc/net/ip6_tables_names >/dev/null; then
+ log_output -p daemon.crit "ip6 $table load failed"
+ res=1
+ fi
+ fi
+ done
+ if [ "$res" == "0" ]; then
+ if [ "$disable_ipv6" = "false" ]; then
+ log_output -p daemon.info "ip and ip6 tables loaded successfully"
+ else
+ log_output -p daemon.info "ip tables loaded successfully"
+ fi
+ fi
+ exit $res
+}
|
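Review bot: The `case "$disable_ipv6"` in boot() has no default arm, so a `disable_ipv6` value outside the two listed sets is left unchanged. Both later `[ "$disable_ipv6" = "false" ]` tests then fail, the ip6tables probe is skipped, and the script still logs "ip tables loaded successfully" and exits 0. For a step the firewall presumably depends on, it is safer to verify IPv6 unless it is explicitly disabled: add `*) disable_ipv6=false ;;` before `esac`. Separately, `grep $table /proc/net/ip_tables_names` is an unquoted substring match; `grep -qx "$table" /proc/net/ip_tables_names` (and likewise for `ip6_tables_names`) confirms the exact table name is registered.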