Diffstat (limited to 'files')
-rwxr-xr-xfiles/etc/init.d/container_init47
1 files changed, 47 insertions, 0 deletions
diff --git a/files/etc/init.d/container_init b/files/etc/init.d/container_init
new file mode 100755
index 0000000..386dcbd
--- /dev/null
+++ b/files/etc/init.d/container_init
@@ -0,0 +1,47 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018 Mikael Magnusson
+
+START=15
+
+log_output() {
+ logger -t container_init "$@"
+}
+
+boot() {
+ # Only execute for lxc containers
+ if [ "$container" != "lxc" ]; then
+ exit 0
+ fi
+
+ local disable_ipv6="$(uci_get firewall @defaults[0] disable_ipv6 false)"
+ case "$disable_ipv6" in
+ '0'|'no'|'off'|'false'|'disabled') disable_ipv6=false ;;
+ '1'|'yes'|'on'|'true'|'enabled') disable_ipv6=true ;;
+ esac
+
+ tables='filter nat mangle raw'
+ res=0
+ for table in $tables; do
+ iptables -n -t $table -L >/dev/null 2>/dev/null
+ if ! grep $table /proc/net/ip_tables_names >/dev/null; then
+ log_output -p daemon.crit "ip $table load failed"
+ res=1
+ fi
+
+ if [ "$disable_ipv6" = "false" ]; then
+ ip6tables -n -t $table -L >/dev/null 2>/dev/null
+ if ! grep $table /proc/net/ip6_tables_names >/dev/null; then
+ log_output -p daemon.crit "ip6 $table load failed"
+ res=1
+ fi
+ fi
+ done
+ if [ "$res" == "0" ]; then
+ if [ "$disable_ipv6" = "false" ]; then
+ log_output -p daemon.info "ip and ip6 tables loaded successfully"
+ else
+ log_output -p daemon.info "ip tables loaded successfully"
+ fi
+ fi
+ exit $res
+}
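Review bot: The `case` on `disable_ipv6` in `boot()` has no default arm, so a value outside the two lists (for example `True`) is kept as-is, compares unequal to `false`, and skips the ip6tables probe while the script still logs "ip tables loaded successfully" and exits 0. Adding `*) disable_ipv6=false ;;` would make the IPv6 check run unless it is explicitly disabled; which default is right depends on how the firewall itself parses this option, so confirm against that. The two `grep $table /proc/net/...` checks are unquoted substring matches, and `grep -qx "$table" /proc/net/ip_tables_names` (likewise for `ip6_tables_names`) would match the whole line and make the redirect unnecessary. `[ "$res" == "0" ]` uses an operator POSIX `[` does not define, and `=` is the portable form under `#!/bin/sh`.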