summaryrefslogtreecommitdiff
path: root/files/etc/init.d/container_init
blob: 7e8d225364858eac5a496fa4c0d31713ea66ce71 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/bin/sh /etc/rc.common
# Copyright (C) 2018 Mikael Magnusson

START=15

log_output() {
	logger -t container_init "$@"
}

boot() {
	# Only execute for lxc containers
	if [ "$container" != "lxc" ]; then
		exit 0
	fi

	local disable_ipv6="$(uci_get firewall @defaults[0] disable_ipv6 false)"
	case "$disable_ipv6" in
		'0'|'no'|'off'|'false'|'disabled') disable_ipv6=false ;;
		'1'|'yes'|'on'|'true'|'enabled') disable_ipv6=true ;;
	esac

	tables='filter nat mangle raw'
	res=0
	for table in $tables; do
		iptables -n -t $table -L >/dev/null 2>/dev/null 
		if ! grep $table /proc/net/ip_tables_names >/dev/null; then
			log_output -p daemon.crit "ip $table load failed"
			res=1
		fi

		if [ "$disable_ipv6" = "false" ]; then
			ip6tables -n -t $table -L >/dev/null 2>/dev/null
			if ! grep $table /proc/net/ip6_tables_names >/dev/null; then
				log_output -p daemon.crit "ip6 $table load failed"
				res=1
			fi
		fi
	done
	if [ "$res" == "0" ]; then
		if [ "$disable_ipv6" = "false" ]; then
			log_output -p daemon.info "ip and ip6 tables loaded successfully"
		else
			log_output -p daemon.info "ip tables loaded successfully"
		fi
	fi

	if [ ! -e /lib/modules/$(uname -r) ]; then
		local modulesdir=$(basename $(dirname $(opkg files kmod-ipt-core|grep "/lib/modules/[0-9].*"|head -1)))
		ln -s $modulesdir /lib/modules/$(uname -r)
	fi
	exit $res
}